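$val) { GLOBAL $no_register_global; securityCheck($key,$val); if(!$no_register_global) ${$key}=$val; }
// NOTE(review): the $_GET loop above is cut off at the start of this listing and
// is left exactly as found; its body is the same as the $_POST loop below.

/*
 * Request-parameter firewall.
 *
 * Every GET/POST parameter and the full request URI are run through
 * securityCheck(); a hit hands the request to fail2ban(), which logs it for the
 * host's fail2ban daemon and terminates the script.
 *
 * The loops additionally emulate the long-removed register_globals option:
 * unless $no_register_global is set, every request parameter is copied into a
 * variable of the same name. That lets a client define or overwrite arbitrary
 * globals -- flags, and (depending on include order) configuration such as the
 * $FTP*System values the file class further down reads -- and very likely the
 * superglobals themselves (e.g. $_SERVER['DOCUMENT_ROOT'], which fail2ban()
 * builds an include path from). The emulation should be switched off and the
 * callers migrated to $_GET/$_POST; until then the loop at least refuses to
 * (re)define the superglobals, $GLOBALS and the kill-switch itself.
 */

/**
 * Names that request data must never be allowed to define as variables.
 *
 * @param string $name parameter name
 * @return bool
 */
function svIsProtectedGlobalName($name)
{
    static $protected = array(
        'GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER',
        '_ENV', '_REQUEST', '_SESSION', 'no_register_global',
    );
    return in_array((string) $name, $protected, true);
}

foreach ($_POST as $key => $val) {
    global $no_register_global;
    securityCheck($key, $val);
    if (!$no_register_global && !svIsProtectedGlobalName($key)) {
        ${$key} = $val;
    }
}

// The complete URL (path + query string) is checked as well.
securityCheck("", $_SERVER['REQUEST_URI']);

/**
 * Blocks requests whose parameters look like SQL injection, command injection
 * or XSS probes.
 *
 * Rules are evaluated in order and the first hit calls fail2ban(), which never
 * returns. Arrays and a handful of shop settings that legitimately contain
 * script snippets are exempt.
 *
 * @param string $key parameter name ("" for the request URI); integer array
 *                    keys are treated as strings, so a parameter named "0" is
 *                    no longer equal to "sid" under PHP 7's loose comparison
 * @param mixed  $val parameter value
 * @return string|null "" when the parameter is exempt, null when it passed
 */
function securityCheck($key, $val)
{
    $key = (string) $key;

    // Arrays are not inspected (empty ones included -- the original only
    // skipped non-empty arrays and then ran strlen()/preg_match() on the array
    // itself), nor are the conversion-tracking settings or "ref".
    $svExempt = array('ga_conversion_global', 'ga_conversion_signup', 'ga_conversion_order', 'ref');
    if (is_array($val) || in_array($key, $svExempt, true)) {
        return "";
    }
    $val = (string) $val;

    if ($key === "sid" && strlen($val) >= 38) {
        // 301: session id longer than any legitimate one.
        fail2ban($key, $val, "301");
    } elseif (($key === "id" || substr($key, -3) === "_id") && $val !== ""
              && !preg_match('/^\s*[+-]?[0-9]+\s*$/D', $val)) {
        // 302: "id"/"*_id" parameters must be integers. The original test was
        // !is_int($val+1), which throws a TypeError on non-numeric strings
        // under PHP 8 (a 500 instead of a ban). Empty values still pass;
        // leading-numeric junk such as "5abc" is no longer accepted.
        fail2ban($key, $val, "302");
    } else {
        // Signature rules in their original order; first hit wins. Patterns are
        // kept byte-for-byte.
        $svRules = array(
            array("303", "/cmdshell|exec master|%TEMP%|cmd \/c|wait for delay|;select|select sleep|dnstun|waitfor delay/i"),
            array("304", "/#temp#|cmd \/c|xampp|char\(|chr\(|bin\(|union all|all select|union select|null,null/i"),
            array("305", "/boolean mode|concat\(|convert\(|case when|then 1 else|drop function|dbms_pipe/i"),
            array("306", "/sleep\(|select upper|select var|@version|ping -n|select server|1=1/i"),
            // NOTE(review): the first alternative of this pattern is empty, so
            // preg_match() matches every value and any request that gets this
            // far is banned with 307. A token beginning with "<" (probably an
            // HTML tag name) appears to have been lost in extraction; restore
            // the pattern from the original file before relying on this chain.
            array("307", "/|alert\(|console\.log|=eval|xss\.js/i"),
            array("308", "/\/\*\*|load_file|get_host_address|utl_inaddr|utl_http|adduser|sys\.login_user|granted_role/i"),
            array("309", "/sys\.all_tables|sysobjects|non_existant_table|user_name\(|sysadmin|sp_addlogin|onload=|mysql\.user|create user/i"),
            array("310", "/addsrvrolemember|xpression\(/i"),
        );
        foreach ($svRules as $svRule) {
            if (preg_match($svRule[1], $val)) {
                fail2ban($key, $val, $svRule[0]);
            }
        }
    }
    return null;
}

/**
 * Records the offending parameter for fail2ban and terminates the request.
 *
 * Collects the script name and the GET/POST/JSON-body parameters (values cut
 * to 100, JSON values to 200 characters), exposes the report to
 * data/fail2ban.inc.php as $svMeldung, includes that file and exits. Never
 * returns.
 *
 * @param string $key   name of the parameter that triggered the rule
 * @param string $val   its value
 * @param string $error rule number ("301".."310")
 */
function fail2ban($key, $val, $error)
{
    // The loop variables deliberately are not $key/$value: the original reused
    // $key here, so the report named the last parameter instead of the one
    // that triggered the rule.
    $svParams = array();
    foreach ($_GET as $svName => $svValue) {
        if (is_string($svValue)) {
            $svParams[] = $svName . "=" . substr($svValue, 0, 100);
        }
    }
    foreach ($_POST as $svName => $svValue) {
        if (is_string($svValue)) {
            $svParams[] = $svName . "=" . substr($svValue, 0, 100);
        }
    }
    // $HTTP_RAW_POST_DATA was removed in PHP 7; php://input is its replacement.
    $svRaw = isset($GLOBALS["HTTP_RAW_POST_DATA"]) ? $GLOBALS["HTTP_RAW_POST_DATA"] : file_get_contents("php://input");
    if ($svRaw) {
        $svData = json_decode($svRaw, true);
        if (is_array($svData)) {
            foreach ($svData as $svName => $svValue) {
                // Nested structures would make substr() throw; only scalars are reported.
                if ($svValue && is_scalar($svValue)) {
                    $svParams[] = $svName . "=" . substr((string) $svValue, 0, 200);
                }
            }
        }
    }
    $query_string = implode("\n", $svParams);

    // Script name. HTTP_HOST is client-supplied, so the report can carry an
    // arbitrary host value.
    $datei = (isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "")
           . (isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : "");
    $error2 = "Dateiname: $datei\n\nParameter: $query_string";

    // Consumed by the included script. $val is the raw attacker payload and is
    // neither truncated nor sanitised here; whatever fail2ban.inc.php writes it
    // to must treat it as untrusted (log injection).
    $svMeldung = "error $error -> $key : $val $error2 ";
    include($_SERVER['DOCUMENT_ROOT'] . "/data/fail2ban.inc.php");
    exit();
}
// NOTE(review): the listing continues with the tail of a second file, an FTP
// file-handling class whose header and constructor start are missing
// (everything from its opening PHP tag through the first "$this->" seems to
// have been dropped as an HTML tag during extraction). That fragment is
// reproduced as found; the surviving statements copy the session/customer
// references and the $FTP*System configuration globals into the instance.
?>
        system=&$system;
        $this->sid=&$system->sid;
        $this->k_id = &$system->k_id;
        $this->ftp_host=$FTPHostSystem;
        $this->ftp_user=$FTPUserSystem;
        $this->ftp_pw=$FTPPWSystem;
        $this->ftp_path=$FTPPathFiles;
        $this->ftp_root_path=$FTPPATHSystem;
        $this->ftp_shop_host=$FTPShopHostSystem;
        $this->ftp_shop_user=$FTPShopUserSystem;
        $this->ftp_shop_pw=$FTPShopPWSystem;
        $this->ftp_shop_path=$FTPShopPATHSystem;
    }

    /**
     * Opens and logs into an FTP server.
     *
     * ftp_connect() is checked before ftp_login(): the original methods passed a
     * false connection straight to ftp_login(), which on PHP 8 is a TypeError
     * that "@" does not silence. Every FTP method uses this, so an unreachable
     * host fails the same way everywhere: $this->error is set, false returned.
     *
     * NOTE(review): plain FTP on port 21 sends credentials and file contents in
     * clear text; ftp_ssl_connect() is the drop-in replacement if the servers
     * support it.
     *
     * @param string $host
     * @param string $user
     * @param string $pw
     * @param int    $timeout connect timeout in seconds (ftp_connect() default)
     * @return resource|object|false the logged-in connection, or false
     */
    private function ftpOpen($host, $user, $pw, $timeout = 90)
    {
        $conn = @ftp_connect($host, 21, $timeout);
        if ($conn && @ftp_login($conn, $user, $pw)) {
            return $conn;
        }
        if ($conn) {
            ftp_close($conn);
        }
        $this->error = "Verbindung zum FTP-Server $host fehlgeschlagen";
        return false;
    }

    /**
     * Module directory of the current customer: <base>/<k_id>/<modul>, with a
     * doubled slash collapsed once as the original string handling did.
     *
     * NOTE(review): no path piece is validated anywhere in this class; a $modul,
     * $folder or file name containing ".." leaves the customer's directory on the
     * FTP server. Only trusted segments may be passed in.
     *
     * @param string $base  ftp_path or ftp_shop_path
     * @param string $modul
     * @return string
     */
    private function modulePath($base, $modul)
    {
        return str_replace("//", "/", $base . "/" . $this->k_id . "/" . $modul);
    }

    /**
     * Points ftp_host/user/pw/path at the shop server and returns the previous
     * values for restoreFtp(). The org_ftp_* properties are still filled in, as
     * before, for anything that may read them.
     *
     * @return array previous host, user, password, path
     */
    private function useShopFtp()
    {
        $saved = array($this->ftp_host, $this->ftp_user, $this->ftp_pw, $this->ftp_path);
        $this->org_ftp_host = $this->ftp_host;
        $this->org_ftp_user = $this->ftp_user;
        $this->org_ftp_pw   = $this->ftp_pw;
        $this->org_ftp_path = $this->ftp_path;
        $this->ftp_host = $this->ftp_shop_host;
        $this->ftp_user = $this->ftp_shop_user;
        $this->ftp_pw   = $this->ftp_shop_pw;
        $this->ftp_path = $this->ftp_shop_path;
        return $saved;
    }

    /**
     * Undoes useShopFtp().
     *
     * @param array $saved the value returned by useShopFtp()
     */
    private function restoreFtp($saved)
    {
        $this->ftp_host = $saved[0];
        $this->ftp_user = $saved[1];
        $this->ftp_pw   = $saved[2];
        $this->ftp_path = $saved[3];
    }

    /**
     * Uploads a file for the current customer: to the shop server when the
     * customer has an active shop and a shop host is configured, otherwise to
     * files/<k_id>/... on the main server.
     *
     * @param string $modul      module directory
     * @param string $folder     sub folder inside the module
     * @param string $datei      local path of the file to upload
     * @param string $datei_name name to store it under
     * @return string|int the name actually used (suffixed on collision), or 0
     */
    function addShopFile($modul, $folder, $datei, $datei_name)
    {
        $k_id = $this->k_id;
        // NOTE(review): $k_id is interpolated into the WHERE clause unescaped;
        // make sure it is an integer (the "_id" rule in securityCheck() suggests
        // so) or escape it -- TODO confirm what TakeData() expects.
        $shop_exists = $this->system->db->shop_settings->TakeData("id", "status=1 AND k_id='$k_id'");
        if ($shop_exists && $this->ftp_shop_host) {
            $saved = $this->useShopFtp();
            $datei_name = $this->addFile($modul, $folder, $datei, $datei_name);
            $this->restoreFtp($saved);
            return $datei_name;
        }
        return $this->addFile($modul, $folder, $datei, $datei_name);
    }

    /**
     * Uploads $datei to <ftp_path>/<k_id>/<modul>/<folder>/<datei_name> on the
     * server currently selected by ftp_host/user/pw/path, creating the
     * directories as needed. When a file of that name exists the name gets a
     * "_1", "_2", ... suffix (up to 9999 tries).
     *
     * @param string $modul      module directory
     * @param string $folder     sub folder, "/"-separated
     * @param string $datei      local path of the file to upload
     * @param string $datei_name remote file name
     * @return string|int the remote name used, or 0 on failure ($this->error set)
     */
    function addFile($modul, $folder, $datei, $datei_name)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw, 300);
        if (!$conn_ftp) {
            return 0;
        }

        // Enter the customer's module directory, creating it if missing.
        @ftp_mkdir($conn_ftp, $this->ftp_path . "/" . $this->k_id);
        $modul = $this->modulePath($this->ftp_path, $modul);
        @ftp_mkdir($conn_ftp, $modul);
        @ftp_chdir($conn_ftp, $modul);

        // Descend into the sub folder segment by segment.
        $folder = str_replace("//", "/", $folder);
        $array_folder = preg_split("/\//", $folder);
        $existing = array();
        // NOTE(review): the next line is garbled in this listing -- the text
        // between "$i" and "overwrite" (by the look of it the loop that
        // mkdir/chdir's each segment of $array_folder, followed by the start of an
        // "if (!$this->overwrite)" guard) was lost in extraction. It is left as
        // found; restore it from the original file.
        for($i=0;$ioverwrite) {
            // Remember the names already present so the upload does not clobber
            // one (the original tracked them in variable-variables).
            $liste = ftp_nlist($conn_ftp, "");
            if (is_array($liste)) {
                foreach ($liste as $entry) {
                    $parts = explode("/", $entry);
                    $existing[$parts[count($parts) - 1]] = true;
                }
            }
        }

        $array = $this->system->sonstige->getFilenameAndExt($datei_name);
        // Quoted keys: the bare $array[name] / $array[ext] of the original are a
        // fatal "undefined constant" error on PHP 8.
        $name = $array['name'];
        $ext  = $array['ext'];
        $datei_name_neu = "$name.$ext";
        for ($i = 1; $i < 10000; $i++) {
            if (!isset($existing[$datei_name_neu])) {
                break;
            }
            $datei_name_neu = $name . "_$i.$ext";
        }

        $ok = ftp_put($conn_ftp, $datei_name_neu, $datei, FTP_BINARY);
        ftp_close($conn_ftp);
        if (!$ok) {
            $this->error = "Upload der Datei '$datei_name' auf FTP-Server $this->ftp_host fehlgeschlagen";
            return 0;
        }
        return $datei_name_neu;
    }

    /**
     * Lists the image files (*.jpg, *.png, *.gif) in $dir on the main server.
     *
     * The original pattern "/.jpg|.png|.gif/" had an unescaped dot and no anchor,
     * so "ajpg" or "thumb.jpg.php" passed as images; the extension now has to end
     * the name (case-insensitively). "." / ".." / ".htaccess" are skipped as before.
     *
     * @param string $dir remote directory
     * @return array|int file names, or 0 when the connection failed
     */
    private function listImages($dir)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        @ftp_chdir($conn_ftp, $dir);
        $entries = ftp_nlist($conn_ftp, "");
        ftp_close($conn_ftp);

        $images = array();
        if (is_array($entries)) {
            foreach ($entries as $entry) {
                if ($entry !== ".." && $entry !== "." && $entry !== ".htaccess"
                    && preg_match("/\.(jpg|png|gif)$/i", $entry)) {
                    $images[] = $entry;
                }
            }
        }
        return $images;
    }

    /**
     * Image files in <ftp_path>/<k_id>/<modul>/<folder>. Currently unused.
     *
     * @return array|int
     */
    function getFilelist($modul, $folder)
    {
        $dir = str_replace("//", "/", $this->ftp_path . "/" . $this->k_id . "/" . $modul . "/" . $folder);
        return $this->listImages($dir);
    }

    /**
     * Image files in <ftp_root_path>/<folder>. Used by the type-icon picker.
     *
     * @return array|int
     */
    function getFolderFilelist($folder)
    {
        $dir = str_replace("//", "/", $this->ftp_root_path . "/" . $folder);
        return $this->listImages($dir);
    }

    /**
     * Deletes a file on the shop server.
     *
     * NOTE(review): unlike addShopFile() this does not check whether the
     * customer has an active shop, so a file that was uploaded to the main
     * server is looked for on the shop host -- confirm with the callers.
     *
     * @return int delFile()'s result (0 when the shop server could not be reached)
     */
    function delShopFile($modul, $folder, $datei_name)
    {
        $saved = $this->useShopFtp();
        $result = $this->delFile($modul, $folder, $datei_name);
        $this->restoreFtp($saved);
        return $result;
    }

    /**
     * Deletes <modul>/<folder>/<datei_name> for the current customer on the
     * currently selected server. The directories are created when missing, a
     * side effect kept from the original. A failed delete is ignored.
     *
     * @return int 1, or 0 when the connection failed
     */
    function delFile($modul, $folder, $datei_name)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        $modul = $this->modulePath($this->ftp_path, $modul);
        @ftp_mkdir($conn_ftp, $modul);
        @ftp_chdir($conn_ftp, $modul);
        $folder = str_replace("//", "/", $folder);
        @ftp_mkdir($conn_ftp, $folder);
        @ftp_chdir($conn_ftp, $folder);
        @ftp_delete($conn_ftp, $datei_name);
        ftp_close($conn_ftp);
        return 1;
    }

    /**
     * Deletes <ftp_path>/<pfad>/<dateiname> (no customer directory in between).
     *
     * @return int 1, or 0 when the connection failed
     */
    function Delete($dateiname, $pfad)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        ftp_chdir($conn_ftp, $this->ftp_path);
        ftp_chdir($conn_ftp, $pfad);
        ftp_delete($conn_ftp, $dateiname);
        ftp_close($conn_ftp);
        return 1;
    }

    /**
     * Removes the (empty) directory <modul>/<folder> of the current customer.
     *
     * @return int 1, or 0 when the connection failed
     */
    function delFolder($modul, $folder)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        @ftp_chdir($conn_ftp, $this->modulePath($this->ftp_path, $modul));
        @ftp_rmdir($conn_ftp, str_replace("//", "/", $folder));
        ftp_close($conn_ftp);
        return 1;
    }

    /**
     * Creates <modul>/<folder> below the customer directory.
     *
     * @return int 1, or 0 when the connection failed
     */
    function makeFolder($modul, $folder)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        @ftp_chdir($conn_ftp, $this->ftp_path . "/" . $this->k_id);
        $modul = str_replace("//", "/", $modul);
        @ftp_mkdir($conn_ftp, $modul);
        @ftp_chdir($conn_ftp, $modul);
        @ftp_mkdir($conn_ftp, str_replace("//", "/", $folder));
        ftp_close($conn_ftp);
        return 1;
    }

    /**
     * Creates the customer directory <ftp_path>/<KID>. Only used when an
     * emediaone account is created.
     *
     * @param int|string $KID customer id; defaults to $this->k_id. The original
     *                        resolved $KID and then created $this->k_id anyway,
     *                        ignoring the argument.
     * @return int 1, or 0 when the connection failed
     */
    function makeStartFolder($KID = 0)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        if (!$KID) {
            $KID = $this->k_id;
        }
        @ftp_chdir($conn_ftp, $this->ftp_path);
        @ftp_mkdir($conn_ftp, $KID);
        ftp_close($conn_ftp);
        return 1;
    }

    /**
     * Streams <modul>/<folder>/<datei_name> from the main server to the browser
     * as an attachment. Sends the headers and the body; does not exit.
     *
     * Changes from the original: the download is spooled to a temporary file
     * instead of a file named $datei_name in the working directory opened in
     * append mode (a leftover file of that name was appended to and served, and
     * a name containing "../" wrote outside the directory); the header() values
     * no longer embed "\n", which made PHP refuse to send them (so the browser
     * never saw the content type or the attachment name); Content-Length is
     * sent; the handle is closed before the file is read and removed.
     *
     * @return int 1 on success, 0 on failure ($this->error is set)
     */
    function downloadFile($modul, $folder, $datei_name)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        @ftp_chdir($conn_ftp, $this->modulePath($this->ftp_path, $modul));
        @ftp_chdir($conn_ftp, str_replace("//", "/", $folder));

        $tmp = tempnam(sys_get_temp_dir(), "dl");
        $file = $tmp ? fopen($tmp, "w+") : false;
        $ok = $file && ftp_fget($conn_ftp, $file, $datei_name, FTP_BINARY);
        if ($file) {
            fclose($file);
        }
        ftp_close($conn_ftp);
        if (!$ok) {
            if ($tmp) {
                @unlink($tmp);
            }
            $this->error = "Download der Datei '$datei_name' vom FTP-Server $this->ftp_host fehlgeschlagen";
            return 0;
        }

        $suffix = $this->get_file_ext($datei_name);
        // Only the base name goes into the header, without quotes, so the value
        // cannot break out of the filename attribute.
        $svDownloadName = str_replace('"', '', basename($datei_name));
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Content-type: " . $this->system->sonstige->getContentType($suffix));
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: " . filesize($tmp));
        header("Content-Disposition: attachment; filename=\"$svDownloadName\"");
        readfile($tmp);
        unlink($tmp);
        return 1;
    }

    /**
     * Fetches <modul>/<folder>/<datei_name> from the main server into a local
     * file of the same name in the working directory (copyFile() relies on that
     * location). The local handle and the connection are closed afterwards.
     *
     * NOTE(review): $datei_name is used unchanged as the local path; only plain
     * file names may be passed.
     *
     * @return int 1 when the file was retrieved, 0 otherwise
     */
    function getFile($modul, $folder, $datei_name)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_host, $this->ftp_user, $this->ftp_pw);
        if (!$conn_ftp) {
            return 0;
        }
        @ftp_chdir($conn_ftp, $this->modulePath($this->ftp_path, $modul));
        @ftp_chdir($conn_ftp, str_replace("//", "/", $folder));
        $file = fopen($datei_name, "w+");
        $ok = $file && @ftp_fget($conn_ftp, $file, $datei_name, FTP_BINARY);
        if ($file) {
            fclose($file);
        }
        ftp_close($conn_ftp);
        return $ok ? 1 : 0;
    }

    /**
     * Fetches a file from the shop server into the working directory.
     *
     * The local file is opened with "w+" now; the original used "a+", which
     * appended the download to any leftover local file of the same name.
     *
     * @return string|int the local file name, or 0 when the connection or the
     *                    transfer failed ($this->error is set)
     */
    function getShopFile($modul, $folder, $datei_name)
    {
        $conn_ftp = $this->ftpOpen($this->ftp_shop_host, $this->ftp_shop_user, $this->ftp_shop_pw);
        if (!$conn_ftp) {
            return 0;
        }
        @ftp_chdir($conn_ftp, $this->modulePath($this->ftp_shop_path, $modul));
        @ftp_chdir($conn_ftp, str_replace("//", "/", $folder));
        $file = fopen($datei_name, "w+");
        $ok = $file && @ftp_fget($conn_ftp, $file, $datei_name, FTP_BINARY);
        if ($file) {
            fclose($file);
        }
        ftp_close($conn_ftp);
        if (!$ok) {
            $this->error = "Download der Datei '$datei_name' vom FTP-Server $this->ftp_shop_host fehlgeschlagen";
            return 0;
        }
        return $datei_name;
    }

    /**
     * Copies a file between two module directories on the main server by
     * downloading it to the working directory and uploading it again; the local
     * copy is removed afterwards.
     *
     * @param string $pfad_von      source module
     * @param string $dateiname_von source file name (also the temporary local name)
     * @param string $pfad_zu       destination module
     * @param string $dateiname_zu  destination file name
     * @return string|int the destination name actually used, or 0 on failure
     */
    function copyFile($pfad_von, $dateiname_von, $pfad_zu, $dateiname_zu)
    {
        $result = 0;
        if ($this->getFile($pfad_von, "", $dateiname_von)) {
            // The original called $this->file->addFile(); $this->file is never
            // assigned in the visible constructor, and addFile() is a method of
            // this class -- TODO confirm nothing injects a separate file object.
            $result = $this->addFile($pfad_zu, "", $dateiname_von, $dateiname_zu);
        }
        if (is_file($dateiname_von)) {
            unlink($dateiname_von);
        }
        return $result;
    }

    /**
     * Text after the last "." of $name, or "" when there is none. Note that a
     * dot in a directory part also counts ("dir.x/file" gives "x/file").
     *
     * @param string $name
     * @return string
     */
    function get_file_ext($name)
    {
        $dot = strrpos($name, '.');
        if ($dot === false) {
            return '';
        }
        return substr($name, $dot + 1);
    }
}
?>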