[quote="cback - Fr 12.Aug, 2005 16:35";p="41516"]
aber sonst wurde von der BBgroup nichts an deinem lighter sabotiert
2.0.17, viewtopic.php
[/quote]
#
#-----[ OPEN ]---------------------------------------------
#
viewtopic.php
#
#-----[ FIND ]---------------------------------------------
# Line 992
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';
#
#-----[ REPLACE WITH ]---------------------------------------------
#
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . sprintf($lang['Search_user_posts'], $postrow[$i]['username']) . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $postrow[$i]['username']) . '</a>';
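Review bot: The `alt` attribute on the first REPLACE WITH line still uses the raw `$lang['Search_user_posts']` while `title` and the text link now go through `sprintf()`, so once the language string carries the `%s` placeholder this change needs, the `alt` text will show that placeholder literally; it should become `alt="' . sprintf($lang['Search_user_posts'], $postrow[$i]['username']) . '"` as well. The language-file edit that adds the placeholder is not part of this snippet, so the MOD instructions should state it explicitly. The username is concatenated into an HTML attribute without escaping at this point; phpBB 2 normally stores usernames already HTML-escaped, but that should be confirmed for the target board rather than assumed.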
hat wohl wenig mit dem highlight zu tun?!
wenn hast DU vergessen bei der 3.0.x das $highlight = urlencode($HTTP_GET_VARS['highlight']); mit auf lighter umzuschreiben, aber das macht auch nur bei weiterführenden links irgendwas! sonst wird diese variable nicht sinnvoll benutzt.
fakt ist die updateanleitung scheint nicht auf die ehemaligen lighter-changes in der search einzugehen (oder oxpus hats verbockt
, weil hier gehts nicht), und wie gesagt würde/werde
ich bei dem weg von "lighter" bleiben
BTW das mit der suche ist zwar sehr schön gelöst aber bei großen boards wohl ein problem da das dort zu einem DDoS ausartet wenn 30 gäste auf die suche wollen, ich hab das schon vor einiger zeit mal geschrieben über eine Funktion die zum einen erst beim absenden der suche greift (hat der user zeit seine suche zu definieren) und dann "leider" mit SQL abfragen
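/**
 * Search flood control: aborts the request via message_die() when the
 * current session (or, for sessions that have not searched yet, any guest
 * session from the same IP) has searched less than the configured
 * search_interval seconds ago.
 *
 * Reads the globals $config (search_interval), $user (session_id,
 * session_ip), $db and $lang.  Returns nothing; on a flood it never returns
 * because message_die() ends the request.
 */
function check_searchflood()
{
    global $config, $user, $db, $lang;

    // Minimum number of seconds between two searches from the same origin.
    $flood_interval = (int) $config->data['search_interval'];
    $current_time = time();
    $last_time = $current_time - $flood_interval;

    // NOTE(review): session_id and session_ip are interpolated into the SQL
    // as-is.  This relies on both being server-generated values read back
    // from the sessions table rather than taken from the request — confirm
    // for the target phpBB version.
    //
    // Flood control by session: most recent search of this session.
    //
    $sql = "SELECT search_time
        FROM " . SEARCH_TABLE . "
        WHERE session_id = '" . $user->data['session_id'] . "'
        ORDER BY search_time DESC LIMIT 1";
    if (!($result_time = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, 'Fehler', '', __LINE__, __FILE__, $sql);
    }
    $row_time = $db->sql_fetchrow($result_time);
    // Free the handle immediately; the original only freed the *last* one,
    // leaking the first result whenever the IP query below ran.
    $db->sql_freeresult($result_time);

    // sql_fetchrow() returns false when the session has never searched;
    // indexing that would raise a warning on PHP 7.4+, so normalise to 0.
    $last_search = ($row_time && isset($row_time['search_time'])) ? (int) $row_time['search_time'] : 0;

    if (($current_time - $last_search) < $flood_interval)
    {
        message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
    }

    if ($last_search === 0)
    {
        //
        // Flood control full: no search on record for this session, so fall
        // back to the most recent search of any guest session
        // (session_logged_in = '0') from the same IP within the interval.
        //
        $sql = "SELECT s.search_time
            FROM " . SESSIONS_TABLE . " se LEFT JOIN " . SEARCH_TABLE . " s ON se.session_id = s.session_id
            WHERE se.session_ip= '" . $user->data['session_ip'] . "'
            AND se.session_time > '" . $last_time . "'
            AND se.session_logged_in = '0'
            ORDER BY s.search_time DESC LIMIT 1";
        if (!($result_time = $db->sql_query($sql)))
        {
            message_die(GENERAL_ERROR, 'Fehler', '', __LINE__, __FILE__, $sql);
        }
        $row_time = $db->sql_fetchrow($result_time);
        $db->sql_freeresult($result_time);

        // The LEFT JOIN can yield a row whose search_time is NULL; treat as "never".
        $ip_last_search = ($row_time && isset($row_time['search_time'])) ? (int) $row_time['search_time'] : 0;

        if (($current_time - $ip_last_search) < $flood_interval)
        {
            message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
        }
    }

    return;
}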
das in der zweiten abfrage mit AND se.session_logged_in = '0' müsste man weglassen oder gegen die user ID ersetzen, erfüllt bei mir aber seinen zweck und für die Zeitnahme hab ich einen timestamp in der search_result (was leider auch nur bei erfolgreichen suchen klappt)
EDIT
@cback
was hältst du von dieser ctracker.php ? gibts da was einzuwenden?
<?php
/***************************************************************************
* ctracker.php
* -------------------
* copyright : (C) 2005 www.cback.de (Christian Knerr)
* email : webmaster@cback.de
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
// This file is only ever meant to be included from a phpBB page; a direct
// request (IN_PHPBB not defined) is answered with a bare error and exit.
defined('IN_PHPBB') || die("Hacking attempt");
//
// StringFilter für Highlighter
//
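/**
 * Filter a highlight string before it is reused in output.
 *
 * Two passes: (1) a byte-level strtr() table that drops regex/shell
 * metacharacters and control characters and turns the HTML metacharacters
 * into entities, (2) every token from the blocklists $basicprotect and
 * $dynprotect (globals filled in elsewhere in this file / the included
 * definitions file) is replaced by a single '*'.
 *
 * @param string $eingang raw input string
 * @return string filtered string
 */
function SecString($eingang)
{
    global $basicprotect, $dynprotect;

    // A table is easier to extend than a pattern, which is why strtr() is
    // used instead of preg_replace().
    //
    // NOTE(review): the listing as posted shows the five entity rows as
    // identity mappings ("<" => "<") and two rows with broken quoting
    // ("\" and """), which cannot be parsed; this looks like a rendering
    // artefact of the forum's code box.  The entity values below are the
    // reading that makes the filter meaningful — confirm against the
    // original file.
    $secdb = array(
        '=' => '', '?' => '', '*' => '', '#' => '', '~' => '', '/' => '',
        '(' => '', ')' => '', '[' => '', ']' => '',
        '´' => '', '`' => '', '\\' => '', '$' => '',
        '<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;', "'" => '&#039;',
        "\n" => '', "\t" => '', "\r" => '', "\0" => '', "\x0B" => '',
    );
    $clean_string = strtr($eingang, $secdb);

    // Blocklisted tokens become '*'.  Fall back to an empty list when a
    // blocklist global is missing (e.g. the definitions file did not load),
    // so the filter still works instead of passing null to str_replace().
    $clean_string = str_replace(is_array($basicprotect) ? $basicprotect : array(), '*', $clean_string);
    $clean_string = str_replace(is_array($dynprotect) ? $dynprotect : array(), '*', $clean_string);

    return $clean_string;
}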
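// Load CTracker Definition File and basic Protection (if the Definition File is damaged or empty you still have the basic protection)
include($phpbb_root_path . "ctracker/engine/definitions." . $phpEx);
$basicprotect = array('chr(', 'wget%20', 'cmd=', 'rush=', 'union%20', 'echr(', 'esystem(', 'cp%20', 'mdir%20', 'mcd%20', 'mrd%20', 'rm%20', 'mv%20', 'rmdir%20', 'chmod(', 'chmod%20', 'chown%20', 'chgrp%20', 'locate%20', 'grep%20', 'diff%20', 'kill%20', 'kill(', 'killall', 'passwd%20', 'telnet%20', 'vi(', 'vi%20', 'insert%20into', 'select%20', 'nigga', 'fopen', 'fwrite', '$_request', '$_get');

// Load Cache File with some Settings
// include($phpbb_root_path . "ctracker/engine/cachelist." . $phpEx);
$ctrack_logentrys = 200;

/**
 * Increment the persistent attempt counter kept in $counterfile.
 *
 * The file holds one integer; a missing, unreadable or empty file counts
 * as 0.  Opening with 'w' truncates and rewrites, which is what the
 * original 'a' + ftruncate(0) sequence did.
 *
 * @param string $counterfile path of the counter file
 * @return int new counter value
 */
function ctracker_bump_counter($counterfile)
{
    $count = is_file($counterfile) ? (int) file_get_contents($counterfile) : 0;
    $count++;
    $fp = fopen($counterfile, 'w');
    if ($fp)
    {
        fwrite($fp, (string) $count);
        fclose($fp);
    }
    return $count;
}

/**
 * Append one line to the injection log, or reset the log once it holds
 * more than $max_lines lines.
 *
 * Behaviour is kept as in the original: on reset only the reset marker is
 * written and the current $entry is dropped.  A missing log file counts
 * as empty instead of feeding false into count().
 *
 * @param string $logfile   path of the log file
 * @param string $entry     line to append (without trailing newline)
 * @param int    $max_lines line count above which the file is reset
 * @return void
 */
function ctracker_append_log($logfile, $entry, $max_lines)
{
    $lines = is_file($logfile) ? file($logfile) : false;
    $cfilesize = ($lines === false) ? 0 : count($lines);

    if ($cfilesize > $max_lines)
    {
        $clog = fopen($logfile, 'w');
        if ($clog)
        {
            fwrite($clog, "AUTOMATIC LOG FILE RESET: " . date('r') . " -- CrackerTracker by http://www.community.cback.de \n");
            fclose($clog);
        }
    }
    else
    {
        $clog = fopen($logfile, 'a');
        if ($clog)
        {
            fwrite($clog, $entry . "\n");
            fclose($clog);
        }
    }
}

// URL Protection Engine: the lowercased query string is compared against a
// copy in which every blocklisted token has been replaced by '*'; any
// difference means a token was present.  Missing $_SERVER keys are treated
// as empty strings instead of raising notices.
$cracktrack = strtolower(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
$checkworm = str_replace($basicprotect, '*', $cracktrack);
$checkworm = str_replace(is_array($dynprotect) ? $dynprotect : array(), '*', $checkworm);

// Main Protection Engine (Check URL, block Attacks)
$lighter = isset($_GET['lighter']) ? $_GET['lighter'] : '';
$qfrom = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Same test as the original str_replace()/compare: true iff the referer
// mentions search.php.  The referer is client-supplied and therefore only
// a hint, not a trustworthy origin check.
$referer_mentions_search = (strpos($qfrom, 'search.php') !== false);

// Direct Protection, no Search
if ($cracktrack !== $checkworm)
{
    // Begin Attempt-Counter
    ctracker_bump_counter($phpbb_root_path . 'cache/counter.txt');
    // End Attempt-Counter

    $cremotead = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $cuseragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    // date() takes a format string; the bare constants dmy / r of the
    // original are an undefined-constant error on current PHP.
    $cstampdate = date('dmy');
    $cstamptime = time();
    // One log line per attempt.  CR/LF are stripped from the
    // request-derived fields so a single entry can never span two lines
    // of the log file.
    $ctrackerlog = str_replace(array("\r", "\n"), '', "$cstamptime,$cstampdate,$cremotead,$cracktrack,$cuseragent");
    ctracker_append_log($phpbb_root_path . 'cache/logfile_injects.txt', $ctrackerlog, $ctrack_logentrys);

    // NOTE(review): as in the original, the request is only aborted when a
    // non-empty lighter parameter is present AND the referer mentions
    // search.php; everything else is logged and let through.  Whether that
    // direction of the referer test is intended is not evident from this
    // file — confirm.  The log line is HTML-escaped before being echoed
    // because it contains the raw query string and User-Agent.
    if (($lighter != '') and $referer_mentions_search)
    {
        die("Don't try that! <br /><br /><b>Attempt Logged and Blocked:</b><br />" . htmlspecialchars($ctrackerlog, ENT_QUOTES, 'UTF-8'));
    }
}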
?>