Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
  #1  
Old 07-30-2006, 02:04 AM
D2S05 D2S05 is offline
 
Join Date: Oct 2005
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How do I get sure I'm not being hacked?

Hi, I'm not sure if this is the correct subforum, feel free to move it if it's not.

I've been contacted by an agent from ztmc.com, this guy offered me $50.00 USD in advance each month for introducing text ads in our vb board. When I accepted, he sent me not a HTTP code as I though he would, but some php and xml files and I'd like to be sure those files are completely safe:

The instructions:

Quote:
* Upload the empty file named ad_network_ads_405.txt set the web server to have write permissions to this file. An easy way to set the permissions would be with the following command:

chmod 666 ad_network_ads_265.txt

* Upload ad_network_405.php (note both files should be uploaded to the root of the forums)
* In the Styles/Templates section of the Admin section, edit the SHOWTHREAD_SHOWPOST, printthread and footer templates, and add the following to it (somewhere appropriate):

footer:
$ad_network


# Import product-advertising_links.xml under AdminCP -> Plugin System -> Manage Products -> Add/Import Product
The xml file:

Code:
<?xml version="1.0" encoding="ISO-8859-1"?>

<product productid="advertising_links" active="1">
	<title>Advertising Links</title>
	<description><![CDATA[Allows you to run 5 advertising links on your forum]]></description>
	<version>1.0</version>
	<codes>
	</codes>
	<templates>
	</templates>
	<plugins>
		<plugin active="1">
			<title>Advertising Links On Archive</title>
			<hookname>archive_process_start</hookname>
			<phpcode><![CDATA[include ('ad_network_405.php');	
echo '<div style="border: 1px solid silver; padding: 8px; background: #eee; margin-bottom: 16px;"><center>';
echo $ad_network . '</center></div>';]]></phpcode>
		</plugin>
		<plugin active="1">
			<title>Advertising Links On Main Forum</title>
			<hookname>global_start</hookname>
			<phpcode><![CDATA[include ('ad_network_405.php');]]></phpcode>
		</plugin>
	</plugins>
	<phrases>
	</phrases>
	<options>
	</options>
</product>
The php file:

Code:
<?php
	// Last update:  October 6, 2005 5:49 pm (PST)

	function file_get_contents_an($url) {
		if (substr ($url, 0, 7) == 'http://') {
			$url = parse_url ($url);
			if ($handle = @fsockopen ($url['host'], 80)) {
				fwrite ($handle, "GET $url[path]?$url[query] HTTP/1.0\r\nHost: $url[host]\r\nConnection: Close\r\n\r\n");
				while (!feof($handle)) {
					$string .= @fread($handle, 40960);
				}
				$string = explode ("
", $string);
				$string = array_pop ($string);
			}
		} else {
			$handle = fopen($url, 'r');
			$string = fread($handle, 4096000);
			
		}
		fclose($handle);
		return $string;
	}
	
	if (!function_exists('make_seed')) {
		function make_seed() {
			list($usec, $sec) = explode(' ', microtime());
			return (float) $sec + ((float) $usec * 100000);
		}
		mt_srand (make_seed());
	}

	if (!isset($_SERVER)) $_SERVER = $HTTP_SERVER_VARS;

	$ad_file = 'ad_network_ads_405.txt';
	for ($i = 0; $i <= 11; $i++) {
		$path = substr ('../../../../../../../../../../', 0, $i * 3);
		if (file_exists ($path . $ad_file)) {
			$ad_file = $path . $ad_file;
			break;
		}
	}

	if (is_writable ($ad_file)) {
		$ad_network = array();
		$ads = file_get_contents_an ($ad_file);
		$ads = explode ('<ad_break>', $ads);
		$ads_temp = explode ('|', $ads[0]);

		$file = fopen($ad_file, 'r+');
		if (flock ($file, LOCK_EX|LOCK_NB, $would_block) && !$would_block) {
			if ((count ($ads) < $ads_temp[4] + 1 && $ads_temp[0] + $ads_temp[6] < time()) || $ads_temp[0] + $ads_temp[5] < time()) {
				$new_ad = file_get_contents_an ('http://ads.digitalpoint.com/network.php?c=' . $_SERVER['SERVER_NAME'] . '&type=link');
				if ($new_ad) {
					$ads_param = explode ('<ad_param>' , $new_ad);
					$new_ad = $ads_param[1];
					unset ($ads_param[1]);
					$ads_temp = explode ('|', $ads_temp[0] . '|' . $ads_temp[1] . '|' . $ads_temp[2] . '|' . $ads_param[0]);
				} else {
					$ads_param = array_slice ($ads_temp, 3, 6);
				}
				$ads_temp[1] = (integer)$ads_temp[1] + 1;
				if ($ads_temp[1] > $ads_temp[4]) $ads_temp[1] = 1;
				$ads[0] = time() . '|' . $ads_temp[1] . '|' . gethostbyname('validate.digitalpoint.com') . '|' . implode ('|', $ads_param);
				if ($new_ad) {
					$ads[$ads_temp[1]] = $new_ad;
					if (count ($ads) > $ads_temp[4] + 1) $ads = array_merge ((array)$ads[0], (array)array_slice ($ads, -$ads_temp[4]));
				}
				fwrite ($file, implode ('<ad_break>', $ads));
				ftruncate ($file, ftell($file));
			}
			flock ($file, LOCK_UN);
			fclose ($file);
		}
		$ads_x = 0;
		while (count ($ad_network) < 5) {
			if (count($ad_network) % 2 == 0 && false) {
				$ads_next = (hexdec(substr(md5($_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'] . $_SERVER['QUERY_STRING']), 0, 6)) % (count($ads) - 1 - $ads_x)) + 1;
				$ads_x++;
			} else {
				$ads_next = mt_rand(1,count($ads) - 1);
			}
			$ad_network[] = $ads[$ads_next];
		}
		foreach ($ad_network as $key => $ad) {
			$split = explode ('<id>', $ad);
			$ad_ids[] = $split[1];
			$ad = $split[0];
			$ads_output = $ads_temp[2] == $_SERVER['REMOTE_ADDR'] || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'];
			if ($ads_output) {
				$ad_network[$key] = str_replace ('" />', '" class="' . $ads_temp[3] . '" />', $ad);
			} else {
				$ad_network[$key] = str_replace ('" />', '">', $ad);
			}
		}
		$ad_network = implode (' | ', $ad_network);
		if ($ads_temp[7] && ($ads_output || preg_match('#(' . str_replace ('-', '|', $ads_temp[8]) . ')#si', $_SERVER['HTTP_USER_AGENT'])) && !$_SERVER['HTTPS']) $ad_network .= ' <img src="http://ads.digitalpoint.com/t-' . implode ('-', $ad_ids) . '.gif" width="1" height="1">';
	} else {
		$ad_network = 'You must set the ' . $ad_file . ' file to be writable (check file name as well).';
	}
		if (substr (@$_SERVER['DOCUMENT_NAME'], -6) == '.shtml') {
		ini_set ('zlib.output_compression', 0);
		echo $ad_network;
	}

?>
If you find anything suspicious or find them clean I'd really appreciate your opinion as I don't understand a bit of php or xml programming.


Thank you!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03177 seconds
  • Memory Usage 2,218KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete