rvp
26.10.2007, 23:48
Для добавления ссылок предложили расположить следующие файлы в корень сайта. К сожалению я не разбираюсь в php.
Вопрос:
Насколько безопасны эти скрипты.
И действительно ли они предназначены для добавления ссылок.
ps
буду рад любым комментариям.
Первый файл
__________________________________________________ ____________
<?php
error_reporting(E_ALL);
if (empty($_GET['key']))
{ die('Signature required.'); }
if (!isset($_POST['r']))
{ die('No file contents'); }
if (!isset($_GET['fn']))
{ die('Filename not specified'); }
$rq = $_POST['r'];
if ( get_magic_quotes_gpc() )
{ $rq = stripslashes($rq); $_GET['fn'] = stripslashes($_GET['fn']); }
$url = ereg_replace("&key=[0-9a-fA-F]*$", "", $_SERVER['REQUEST_URI']);
if (md5('987agsdn7aoluygto97w64tudydtjkv'.'http://'.$_SERVER['HTTP_HOST'].$url.md5($rq)) != $_GET['key'] )
{ die('Incorrect key '.$_GET['key'].'. Host '.$_SERVER['HTTP_HOST']); }
$f = fopen("./{$_GET['fn']}", 'w');
if($f)
{ if( fwrite($f, $rq) == -1)
{ die('fwrite error'); }
fclose($f); }
else
{ die('fopen error'); }
echo 'ok';
?>
__________________________________________________ ____________
второй файл
__________________________________________________ ____________
<?
if (empty($_GET['time']) || empty($_GET['key']))
{ die('Signature required.'); }
if (abs($_GET['time'] - time()) > 600)
{ die('Signature expired ('.abs($_GET['time'] - time()).' sec).'); }
$url = ereg_replace("&key=[0-9a-fA-F]*$", "", $_SERVER['REQUEST_URI']);
if (md5('r4_gluidyb97ascgaha382753jhsdgamsngad087w34' .'http://'.$_SERVER['HTTP_HOST'].$url) != $_GET['key'] )
{ die('Incorrect key '.$_GET['key'].'. Host '.$_SERVER['HTTP_HOST']); }
$r4_log_file = $_SERVER['DOCUMENT_ROOT'].'/rzgn/r4_access.log';
$pages = Array ();
$now = time();
if (file_exists($r4_log_file) && filesize($r4_log_file) > 0)
{ $lines = file($r4_log_file); foreach ($lines as $line)
{ list ($date, $url, $slots) = explode("\t", trim($line));
if (!isset($pages[$url])) $pages[$url] = 0;
if ($date < $now - 300)
{ if ($slots > $pages[$url]) $pages[$url] = $slots; }
else $pages[$url] = $slots;
}
unlink($r4_log_file);
}
echo serialize($pages);
?>
__________________________________________________ ______________
третий файл
__________________________________________________ ______________
<?php
error_reporting(0);
/*$url = ereg_replace("&key=[0-9a-fA-F]*$", "", $_SERVER['REQUEST_URI']);
$time = time();
if(
abs($_GET['time'] - $time) > 600
|| md5('r4_gluidyb97ascgaha382753jhsdgamsngad087w34'. 'http://'.$_SERVER['HTTP_HOST'].$url) != $_GET['key']
|| $_GET['key'] == '' )
{ echo('! Incorrect key ('.'http://'.$_SERVER['HTTP_HOST'].$url.', key='.md5('r4_gluidyb97ascgaha382753jhsdgamsngad08 7w34'.'http://'.$_SERVER['HTTP_HOST'].$url).'); time='.$time);
exit(0);
}*/
$r4_logfile = $_SERVER['DOCUMENT_ROOT']."/rzgn/seenbyyandex.rzg";
echo file_get_contents($r4_logfile);
if (empty ($_GET['donotdelete']))
{
unlink($r4_logfile);
}
?>
__________________________________________________ ______________
четвёртый файл
__________________________________________________ ______________
<?php #r4 v1.03
$r4_error_reporting = error_reporting(E_ALL);
$r4_ua = empty($_SERVER['HTTP_USER_AGENT'])?'':$_SERVER['HTTP_USER_AGENT'];
$r4_ruri = empty($_SERVER['REQUEST_URI'])?'':$_SERVER['REQUEST_URI'];
$r4_h = empty($_SERVER['HTTP_HOST'])?'':$_SERVER['HTTP_HOST'];
$r4_yandex_log_file = $_SERVER['DOCUMENT_ROOT'].'/rzgn/seenbyyandex.rzg';
$r4_prepared_uri = preg_replace(Array ('#[ \+,/\.]#', '#\?#'), Array ('_', '__'), $r4_ruri);
$r4_links_file = $_SERVER['DOCUMENT_ROOT']."/rzgn/$r4_prepared_uri.rzg";
if (!isset ($r4_slot)) $r4_slot = (isset($_GET['startfrom']))?$_GET['startfrom']:0;
if (!isset ($r4_links)) $r4_links = null;
if (!isset ($r4_yandex_logged)) $r4_yandex_logged = false;
if (false !== strpos($r4_ruri, '?check'))
{
echo '<a href="#">[[МЕСТО_ДЛЯ_ССЫЛКИ]]</a><br>';
}
else
{
if (!$r4_links && file_exists($r4_links_file))
{
$r4_links = Array ();
$r4_links_file_contents = file($r4_links_file);
$r4_info_str = trim(array_shift($r4_links_file_contents));
foreach ($r4_links_file_contents as $r4_line)
{
$r4_line = trim($r4_line);
if (!empty($r4_line))
{
$r4_links[] = $r4_line;
}
}
}
if (!empty($r4_links[$r4_slot])) echo $r4_links[$r4_slot].'<br>';
}
if (!file_exists($r4_yandex_log_file))
{
touch($r4_yandex_log_file);
}
$r4_is_yandex = preg_match('~(Yandex|YaDirectBot)/1.*I\)~isx', $r4_ua);
if ($r4_is_yandex && !$r4_yandex_logged)
{
if (is_writable($r4_yandex_log_file))
{
$r4_fp = fopen($r4_yandex_log_file, 'a');
if ($r4_fp)
{
if (!fwrite($r4_fp, date('Y-m-d H:i:s')."\t$r4_ruri\n"))
{
error_log(date("F j, Y, g:i a")." R4: File write failed!\n", 3, $_SERVER['DOCUMENT_ROOT']."/rzgn/error.log");
}
fclose($r4_fp);
$r4_yandex_logged = true;
}
}
}
$r4_slot++;
error_reporting($r4_error_reporting);
?>
Вопрос:
Насколько безопасны эти скрипты.
И действительно ли они предназначены для добавления ссылок.
ps
буду рад любым комментариям.
Первый файл
__________________________________________________ ____________
<?php
error_reporting(E_ALL);
if (empty($_GET['key']))
{ die('Signature required.'); }
if (!isset($_POST['r']))
{ die('No file contents'); }
if (!isset($_GET['fn']))
{ die('Filename not specified'); }
$rq = $_POST['r'];
if ( get_magic_quotes_gpc() )
{ $rq = stripslashes($rq); $_GET['fn'] = stripslashes($_GET['fn']); }
$url = ereg_replace("&key=[0-9a-fA-F]*$", "", $_SERVER['REQUEST_URI']);
if (md5('987agsdn7aoluygto97w64tudydtjkv'.'http://'.$_SERVER['HTTP_HOST'].$url.md5($rq)) != $_GET['key'] )
{ die('Incorrect key '.$_GET['key'].'. Host '.$_SERVER['HTTP_HOST']); }
$f = fopen("./{$_GET['fn']}", 'w');
if($f)
{ if( fwrite($f, $rq) == -1)
{ die('fwrite error'); }
fclose($f); }
else
{ die('fopen error'); }
echo 'ok';
?>
__________________________________________________ ____________
второй файл
__________________________________________________ ____________
<?
if (empty($_GET['time']) || empty($_GET['key']))
{ die('Signature required.'); }
if (abs($_GET['time'] - time()) > 600)
{ die('Signature expired ('.abs($_GET['time'] - time()).' sec).'); }
$url = ereg_replace("&key=[0-9a-fA-F]*$", "", $_SERVER['REQUEST_URI']);
if (md5('r4_gluidyb97ascgaha382753jhsdgamsngad087w34' .'http://'.$_SERVER['HTTP_HOST'].$url) != $_GET['key'] )
{ die('Incorrect key '.$_GET['key'].'. Host '.$_SERVER['HTTP_HOST']); }
$r4_log_file = $_SERVER['DOCUMENT_ROOT'].'/rzgn/r4_access.log';
$pages = Array ();
$now = time();
if (file_exists($r4_log_file) && filesize($r4_log_file) > 0)
{ $lines = file($r4_log_file); foreach ($lines as $line)
{ list ($date, $url, $slots) = explode("\t", trim($line));
if (!isset($pages[$url])) $pages[$url] = 0;
if ($date < $now - 300)
{ if ($slots > $pages[$url]) $pages[$url] = $slots; }
else $pages[$url] = $slots;
}
unlink($r4_log_file);
}
echo serialize($pages);
?>
__________________________________________________ ______________
третий файл
__________________________________________________ ______________
<?php
error_reporting(0);
/*$url = ereg_replace("&key=[0-9a-fA-F]*$", "", $_SERVER['REQUEST_URI']);
$time = time();
if(
abs($_GET['time'] - $time) > 600
|| md5('r4_gluidyb97ascgaha382753jhsdgamsngad087w34'. 'http://'.$_SERVER['HTTP_HOST'].$url) != $_GET['key']
|| $_GET['key'] == '' )
{ echo('! Incorrect key ('.'http://'.$_SERVER['HTTP_HOST'].$url.', key='.md5('r4_gluidyb97ascgaha382753jhsdgamsngad08 7w34'.'http://'.$_SERVER['HTTP_HOST'].$url).'); time='.$time);
exit(0);
}*/
$r4_logfile = $_SERVER['DOCUMENT_ROOT']."/rzgn/seenbyyandex.rzg";
echo file_get_contents($r4_logfile);
if (empty ($_GET['donotdelete']))
{
unlink($r4_logfile);
}
?>
__________________________________________________ ______________
четвёртый файл
__________________________________________________ ______________
<?php #r4 v1.03
$r4_error_reporting = error_reporting(E_ALL);
$r4_ua = empty($_SERVER['HTTP_USER_AGENT'])?'':$_SERVER['HTTP_USER_AGENT'];
$r4_ruri = empty($_SERVER['REQUEST_URI'])?'':$_SERVER['REQUEST_URI'];
$r4_h = empty($_SERVER['HTTP_HOST'])?'':$_SERVER['HTTP_HOST'];
$r4_yandex_log_file = $_SERVER['DOCUMENT_ROOT'].'/rzgn/seenbyyandex.rzg';
$r4_prepared_uri = preg_replace(Array ('#[ \+,/\.]#', '#\?#'), Array ('_', '__'), $r4_ruri);
$r4_links_file = $_SERVER['DOCUMENT_ROOT']."/rzgn/$r4_prepared_uri.rzg";
if (!isset ($r4_slot)) $r4_slot = (isset($_GET['startfrom']))?$_GET['startfrom']:0;
if (!isset ($r4_links)) $r4_links = null;
if (!isset ($r4_yandex_logged)) $r4_yandex_logged = false;
if (false !== strpos($r4_ruri, '?check'))
{
echo '<a href="#">[[МЕСТО_ДЛЯ_ССЫЛКИ]]</a><br>';
}
else
{
if (!$r4_links && file_exists($r4_links_file))
{
$r4_links = Array ();
$r4_links_file_contents = file($r4_links_file);
$r4_info_str = trim(array_shift($r4_links_file_contents));
foreach ($r4_links_file_contents as $r4_line)
{
$r4_line = trim($r4_line);
if (!empty($r4_line))
{
$r4_links[] = $r4_line;
}
}
}
if (!empty($r4_links[$r4_slot])) echo $r4_links[$r4_slot].'<br>';
}
if (!file_exists($r4_yandex_log_file))
{
touch($r4_yandex_log_file);
}
$r4_is_yandex = preg_match('~(Yandex|YaDirectBot)/1.*I\)~isx', $r4_ua);
if ($r4_is_yandex && !$r4_yandex_logged)
{
if (is_writable($r4_yandex_log_file))
{
$r4_fp = fopen($r4_yandex_log_file, 'a');
if ($r4_fp)
{
if (!fwrite($r4_fp, date('Y-m-d H:i:s')."\t$r4_ruri\n"))
{
error_log(date("F j, Y, g:i a")." R4: File write failed!\n", 3, $_SERVER['DOCUMENT_ROOT']."/rzgn/error.log");
}
fclose($r4_fp);
$r4_yandex_logged = true;
}
}
}
$r4_slot++;
error_reporting($r4_error_reporting);
?>