D2S05
07-30-2006, 02:04 AM
Hi, I'm not sure if this is the correct subforum, feel free to move it if it's not.
I've been contacted by an agent from ztmc.com, this guy offered me $50.00 USD in advance each month for introducing text ads in our vb board. When I accepted, he sent me not a HTTP code as I though he would, but some php and xml files and I'd like to be sure those files are completely safe:
The instructions:
* Upload the empty file named ad_network_ads_405.txt set the web server to have write permissions to this file. An easy way to set the permissions would be with the following command:
chmod 666 ad_network_ads_265.txt
* Upload ad_network_405.php (note both files should be uploaded to the root of the forums)
* In the Styles/Templates section of the Admin section, edit the SHOWTHREAD_SHOWPOST, printthread and footer templates, and add the following to it (somewhere appropriate):
footer:
$ad_network
# Import product-advertising_links.xml under AdminCP -> Plugin System -> Manage Products -> Add/Import Product
The xml file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<product productid="advertising_links" active="1">
<title>Advertising Links</title>
<description><![CDATA[Allows you to run 5 advertising links on your forum]]></description>
<version>1.0</version>
<codes>
</codes>
<templates>
</templates>
<plugins>
<plugin active="1">
<title>Advertising Links On Archive</title>
<hookname>archive_process_start</hookname>
<phpcode><![CDATA[include ('ad_network_405.php');
echo '<div style="border: 1px solid silver; padding: 8px; background: #eee; margin-bottom: 16px;"><center>';
echo $ad_network . '</center></div>';]]></phpcode>
</plugin>
<plugin active="1">
<title>Advertising Links On Main Forum</title>
<hookname>global_start</hookname>
<phpcode><![CDATA[include ('ad_network_405.php');]]></phpcode>
</plugin>
</plugins>
<phrases>
</phrases>
<options>
</options>
</product>
The php file:
<?php
// Last update: October 6, 2005 5:49 pm (PST)
function file_get_contents_an($url) {
if (substr ($url, 0, 7) == 'http://') {
$url = parse_url ($url);
if ($handle = @fsockopen ($url['host'], 80)) {
fwrite ($handle, "GET $url[path]?$url[query] HTTP/1.0\r\nHost: $url[host]\r\nConnection: Close\r\n\r\n");
while (!feof($handle)) {
$string .= @fread($handle, 40960);
}
$string = explode ("
", $string);
$string = array_pop ($string);
}
} else {
$handle = fopen($url, 'r');
$string = fread($handle, 4096000);
}
fclose($handle);
return $string;
}
if (!function_exists('make_seed')) {
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
mt_srand (make_seed());
}
if (!isset($_SERVER)) $_SERVER = $HTTP_SERVER_VARS;
$ad_file = 'ad_network_ads_405.txt';
for ($i = 0; $i <= 11; $i++) {
$path = substr ('../../../../../../../../../../', 0, $i * 3);
if (file_exists ($path . $ad_file)) {
$ad_file = $path . $ad_file;
break;
}
}
if (is_writable ($ad_file)) {
$ad_network = array();
$ads = file_get_contents_an ($ad_file);
$ads = explode ('<ad_break>', $ads);
$ads_temp = explode ('|', $ads[0]);
$file = fopen($ad_file, 'r+');
if (flock ($file, LOCK_EX|LOCK_NB, $would_block) && !$would_block) {
if ((count ($ads) < $ads_temp[4] + 1 && $ads_temp[0] + $ads_temp[6] < time()) || $ads_temp[0] + $ads_temp[5] < time()) {
$new_ad = file_get_contents_an ('http://ads.digitalpoint.com/network.php?c=' . $_SERVER['SERVER_NAME'] . '&type=link');
if ($new_ad) {
$ads_param = explode ('<ad_param>' , $new_ad);
$new_ad = $ads_param[1];
unset ($ads_param[1]);
$ads_temp = explode ('|', $ads_temp[0] . '|' . $ads_temp[1] . '|' . $ads_temp[2] . '|' . $ads_param[0]);
} else {
$ads_param = array_slice ($ads_temp, 3, 6);
}
$ads_temp[1] = (integer)$ads_temp[1] + 1;
if ($ads_temp[1] > $ads_temp[4]) $ads_temp[1] = 1;
$ads[0] = time() . '|' . $ads_temp[1] . '|' . gethostbyname('validate.digitalpoint.com') . '|' . implode ('|', $ads_param);
if ($new_ad) {
$ads[$ads_temp[1]] = $new_ad;
if (count ($ads) > $ads_temp[4] + 1) $ads = array_merge ((array)$ads[0], (array)array_slice ($ads, -$ads_temp[4]));
}
fwrite ($file, implode ('<ad_break>', $ads));
ftruncate ($file, ftell($file));
}
flock ($file, LOCK_UN);
fclose ($file);
}
$ads_x = 0;
while (count ($ad_network) < 5) {
if (count($ad_network) % 2 == 0 && false) {
$ads_next = (hexdec(substr(md5($_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'] . $_SERVER['QUERY_STRING']), 0, 6)) % (count($ads) - 1 - $ads_x)) + 1;
$ads_x++;
} else {
$ads_next = mt_rand(1,count($ads) - 1);
}
$ad_network[] = $ads[$ads_next];
}
foreach ($ad_network as $key => $ad) {
$split = explode ('<id>', $ad);
$ad_ids[] = $split[1];
$ad = $split[0];
$ads_output = $ads_temp[2] == $_SERVER['REMOTE_ADDR'] || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'];
if ($ads_output) {
$ad_network[$key] = str_replace ('" />', '" class="' . $ads_temp[3] . '" />', $ad);
} else {
$ad_network[$key] = str_replace ('" />', '">', $ad);
}
}
$ad_network = implode (' | ', $ad_network);
if ($ads_temp[7] && ($ads_output || preg_match('#(' . str_replace ('-', '|', $ads_temp[8]) . ')#si', $_SERVER['HTTP_USER_AGENT'])) && !$_SERVER['HTTPS']) $ad_network .= ' <img src="http://ads.digitalpoint.com/t-' . implode ('-', $ad_ids) . '.gif" width="1" height="1">';
} else {
$ad_network = 'You must set the ' . $ad_file . ' file to be writable (check file name as well).';
}
if (substr (@$_SERVER['DOCUMENT_NAME'], -6) == '.shtml') {
ini_set ('zlib.output_compression', 0);
echo $ad_network;
}
?>
If you find anything suspicious or find them clean I'd really appreciate your opinion as I don't understand a bit of php or xml programming.
Thank you!
I've been contacted by an agent from ztmc.com, this guy offered me $50.00 USD in advance each month for introducing text ads in our vb board. When I accepted, he sent me not a HTTP code as I though he would, but some php and xml files and I'd like to be sure those files are completely safe:
The instructions:
* Upload the empty file named ad_network_ads_405.txt set the web server to have write permissions to this file. An easy way to set the permissions would be with the following command:
chmod 666 ad_network_ads_265.txt
* Upload ad_network_405.php (note both files should be uploaded to the root of the forums)
* In the Styles/Templates section of the Admin section, edit the SHOWTHREAD_SHOWPOST, printthread and footer templates, and add the following to it (somewhere appropriate):
footer:
$ad_network
# Import product-advertising_links.xml under AdminCP -> Plugin System -> Manage Products -> Add/Import Product
The xml file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<product productid="advertising_links" active="1">
<title>Advertising Links</title>
<description><![CDATA[Allows you to run 5 advertising links on your forum]]></description>
<version>1.0</version>
<codes>
</codes>
<templates>
</templates>
<plugins>
<plugin active="1">
<title>Advertising Links On Archive</title>
<hookname>archive_process_start</hookname>
<phpcode><![CDATA[include ('ad_network_405.php');
echo '<div style="border: 1px solid silver; padding: 8px; background: #eee; margin-bottom: 16px;"><center>';
echo $ad_network . '</center></div>';]]></phpcode>
</plugin>
<plugin active="1">
<title>Advertising Links On Main Forum</title>
<hookname>global_start</hookname>
<phpcode><![CDATA[include ('ad_network_405.php');]]></phpcode>
</plugin>
</plugins>
<phrases>
</phrases>
<options>
</options>
</product>
The php file:
<?php
// Last update: October 6, 2005 5:49 pm (PST)
function file_get_contents_an($url) {
if (substr ($url, 0, 7) == 'http://') {
$url = parse_url ($url);
if ($handle = @fsockopen ($url['host'], 80)) {
fwrite ($handle, "GET $url[path]?$url[query] HTTP/1.0\r\nHost: $url[host]\r\nConnection: Close\r\n\r\n");
while (!feof($handle)) {
$string .= @fread($handle, 40960);
}
$string = explode ("
", $string);
$string = array_pop ($string);
}
} else {
$handle = fopen($url, 'r');
$string = fread($handle, 4096000);
}
fclose($handle);
return $string;
}
if (!function_exists('make_seed')) {
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
mt_srand (make_seed());
}
if (!isset($_SERVER)) $_SERVER = $HTTP_SERVER_VARS;
$ad_file = 'ad_network_ads_405.txt';
for ($i = 0; $i <= 11; $i++) {
$path = substr ('../../../../../../../../../../', 0, $i * 3);
if (file_exists ($path . $ad_file)) {
$ad_file = $path . $ad_file;
break;
}
}
if (is_writable ($ad_file)) {
$ad_network = array();
$ads = file_get_contents_an ($ad_file);
$ads = explode ('<ad_break>', $ads);
$ads_temp = explode ('|', $ads[0]);
$file = fopen($ad_file, 'r+');
if (flock ($file, LOCK_EX|LOCK_NB, $would_block) && !$would_block) {
if ((count ($ads) < $ads_temp[4] + 1 && $ads_temp[0] + $ads_temp[6] < time()) || $ads_temp[0] + $ads_temp[5] < time()) {
$new_ad = file_get_contents_an ('http://ads.digitalpoint.com/network.php?c=' . $_SERVER['SERVER_NAME'] . '&type=link');
if ($new_ad) {
$ads_param = explode ('<ad_param>' , $new_ad);
$new_ad = $ads_param[1];
unset ($ads_param[1]);
$ads_temp = explode ('|', $ads_temp[0] . '|' . $ads_temp[1] . '|' . $ads_temp[2] . '|' . $ads_param[0]);
} else {
$ads_param = array_slice ($ads_temp, 3, 6);
}
$ads_temp[1] = (integer)$ads_temp[1] + 1;
if ($ads_temp[1] > $ads_temp[4]) $ads_temp[1] = 1;
$ads[0] = time() . '|' . $ads_temp[1] . '|' . gethostbyname('validate.digitalpoint.com') . '|' . implode ('|', $ads_param);
if ($new_ad) {
$ads[$ads_temp[1]] = $new_ad;
if (count ($ads) > $ads_temp[4] + 1) $ads = array_merge ((array)$ads[0], (array)array_slice ($ads, -$ads_temp[4]));
}
fwrite ($file, implode ('<ad_break>', $ads));
ftruncate ($file, ftell($file));
}
flock ($file, LOCK_UN);
fclose ($file);
}
$ads_x = 0;
while (count ($ad_network) < 5) {
if (count($ad_network) % 2 == 0 && false) {
$ads_next = (hexdec(substr(md5($_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'] . $_SERVER['QUERY_STRING']), 0, 6)) % (count($ads) - 1 - $ads_x)) + 1;
$ads_x++;
} else {
$ads_next = mt_rand(1,count($ads) - 1);
}
$ad_network[] = $ads[$ads_next];
}
foreach ($ad_network as $key => $ad) {
$split = explode ('<id>', $ad);
$ad_ids[] = $split[1];
$ad = $split[0];
$ads_output = $ads_temp[2] == $_SERVER['REMOTE_ADDR'] || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'];
if ($ads_output) {
$ad_network[$key] = str_replace ('" />', '" class="' . $ads_temp[3] . '" />', $ad);
} else {
$ad_network[$key] = str_replace ('" />', '">', $ad);
}
}
$ad_network = implode (' | ', $ad_network);
if ($ads_temp[7] && ($ads_output || preg_match('#(' . str_replace ('-', '|', $ads_temp[8]) . ')#si', $_SERVER['HTTP_USER_AGENT'])) && !$_SERVER['HTTPS']) $ad_network .= ' <img src="http://ads.digitalpoint.com/t-' . implode ('-', $ad_ids) . '.gif" width="1" height="1">';
} else {
$ad_network = 'You must set the ' . $ad_file . ' file to be writable (check file name as well).';
}
if (substr (@$_SERVER['DOCUMENT_NAME'], -6) == '.shtml') {
ini_set ('zlib.output_compression', 0);
echo $ad_network;
}
?>
If you find anything suspicious or find them clean I'd really appreciate your opinion as I don't understand a bit of php or xml programming.
Thank you!