|
|
|
|
| Author |
Message |
Protect-X Support
Joined: 30 Oct 2006
Posts: 934
Rank: 35
|
 Posted: 16 Nov 2006 18:46 Post subject: About include - Protectx.php |
 |
|
Protect-X developers often see topics on the different forums about Protect-X script functions, security of using our script and other relevant questions. That is why we decided to put our script code with detailed comments on the site. The button code that you put in your page is including script code from protectx.php that stored in your resource directory. Protectx.php is the client part of the script. When someone hits on your page, client part connects to the server part of the script that records hit's information.
We are advising to enable CHMOD 777 on protectx.php file. This permission allows auto update of the script, as we add new functions to the system. This is the only reason for that permission. Often host administrators advise their users not to set this permission. This will not cause our script to work incorrectly. The only change is that the webmaster will be needed to update the script file manually when there will be a new update (if he wants to use the features of a new version). Also protectx.php script creates two files on your server:
1. Protectx_hl.jpg - graphic image which created once and used for correct work of the hidden links function.
2. Dynamic .php file - every time (once per day) name of this file is changing. URL of the hidden link refers to this file. When bot clicks on the hidden link, it passes to this file which redirects the hit bot to Protect-X server and records the information to your statistics.
All the php files of our script are open and not decoded so you always can see the source of them, we have nothing to hide.
<?
This function converts IP address from Point Decimal to Number
function ip2int($ip) {
$a=explode(".",$ip);
return $a[0]*256*256*256+$a[1]*256*256+$a[2]*256+$a[3];
}
This function converts IP address from number to Point Decimal
function int2ip($i) {
$d[0]=(int)($i/256/256/256);
$d[1]=(int)(($i-$d[0]*256*256*256)/256/256);
$d[2]=(int)(($i-$d[0]*256*256*256-$d[1]*256*256)/256);
$d[3]=$i-$d[0]*256*256*256-$d[1]*256*256-$d[2]*256;
return "$d[0].$d[1].$d[2].$d[3]";
}
Section 1: Checks the existence of files needed for Hidden Links function to work.
Checks the existence of protect_hl.jpg file, If there is no such file the script will download it from our server and save it on your side.
if (!file_exists('protectx_hl.jpg')){
$pimg=@file_get_contents('http://www.protect-x.com/protectx_hl.jpg');
$handle = @fopen("protectx_hl.jpg", 'w');
@fwrite($handle, $pimg);
@fclose($handle);
}
If there is protectx_hl.jpg file on the server the script sets a flag that tells our server to include the section of hidden links, if not the hidden links will not be created.
if (file_exists('protectx_hl.jpg')){
$islink='1';
}
Creates a unique file (that the bot wouldn't analyze the static hard link and will not click on it) generates the content of that file that will send the click on the hidden link to our server.
$new_file="<? \$hct=@file_get_contents('http://www.protect-x.com/hiddenlink.php?code='.\$_GET['code'].'&r=".'\'.$_GET[\'ref\']'."); ?>";
$hlfn = @file_get_contents('http://www.protect-x.com/hiddenlinks/check.php');
list($old,$new)=explode('|',$hlfn);
if (!file_exists($new)){
if (file_exists($old))
unlink($old);
$w=@fopen($new,'w');
@flock($w,2);
@fwrite($w,$new_file."\n");
@flock($w,3);
@fclose($w);
}
section 2: collecting the information about the surfer and button generation.
Collecting the information about the surfer.
$parts=urlencode(serialize($_SERVER));
$ip=getenv("REMOTE_ADDR");
checking if there is a new version of the script.
$aurl='http://www.protect-x.com/autoupdate/check.php?code=CODE_HERE';
$lfrom=urlencode("http://".$_SERVER['SERVER_NAME']);
getting from our server the information about which button to display.
$url='http://www.protect-x.com/protectx.php?code=CODE_HERE&islink='.$islink.'&b=1&f='.urlencode($_SERVER['HTTP_REFERER']).'&st='.ip2int($ip).'&lfrom='.$lfrom."&srv=$parts";
$body = @file_get_contents($url);
displaying the button
echo $body;
section 3: Auto update
$check = @file_get_contents($aurl);
if (strlen($check)>2){
$protect_file='protectx.php';
if (is_writable($protect_file)){
$w=fopen($protect_file,'w');
flock($w,2);
fwrite($w,$check."\n");
flock($w,3);
fclose($w);
}
}
?>
_________________
Free A-B-C-D Hard Links Exchange Automatic System:
http://www.protect-x.com/index.php?go=shardlinks
Visit other Protect-X sections:
Find/Add NEW SPONSORS:
http://www.protect-x.com/index.php?go=findsponsors |
|
| Back to top |
|
sharphead
Joined: 17 Nov 2006
Posts: 23
Rank: 4
Location: Winnipeg, MB
|
| Posted: 20 Nov 2006 15:30 Post subject: |
|
|
| Code: | | fopen($protect_file,'w'); |
Just a FYI that Dreamhost does not support fopen(). Dreamhost CURL Wiki Entry You may need to program this line in cURL to support hosts that disable fopen due to security concerns. More about the Client URL Library Functions in PHP. Awesome post and thanks for the information. Essentially, the script creates a hidden link that a human surfer will not see, but a bot can't tell it's hidden and will click it anyways, since it sees all links on the page by tearing apart it's source.
I run a non-adult site that needed fopen as well, but cURL is a perfect replacement and more secure in the end. |
|
| Back to top |
|
Protect-X Support
Joined: 30 Oct 2006
Posts: 934
Rank: 35
|
|
| Back to top |
|
Protect-X Support
Joined: 30 Oct 2006
Posts: 934
Rank: 35
|
|
| Back to top |
|
|
|
|
|
|
|
|
|
|
|
|
ADVERTISEMENT
|
|
|
