CrackerTracker Professional 2nd Edition Installation


1903

  • Guest
CrackerTracker Professional 2nd Edition Installation
« : June 07, 2006, 02:25:04 AM »
Ercan, my teacher, you asked for the CrackerTracker Professional 2nd Edition installation; the changes you will make to the code are here. Good luck with it in advance.


##############################################################
## MOD Title: CrackerTracker Professional 2nd Edition
## MOD Author: cback < webmaster@cback.de > (Christian Knerr) http://www.cback.de
## MOD Description: CrackerTracker Professional 2nd Edition is your Security
##                  Center for your phpBB. The MOD has enhanced
##                  features to block Worms before they can Exploit your
##                  forum or before they can make lots of traffic to your
##                  Server. We also add some nice Admin features against Spammers
##                  into your phpBB for example routines to stop Mass Mailing with
##                  phpBB or a system which detects spamming or flooding users.
##
## MOD Version: 4.1.4
##
## Installation Level: Intermediate
## Installation Time: 24 Minutes
## Files To Edit:   common.php
##                 includes/functions.php
##                 includes/page_tail.php
##                 includes/constants.php
##                 templates/subSilver/overall_footer.tpl
##                 search.php
##                 includes/usercp_register.php
##                 includes/functions_post.php
##                 includes/usercp_email.php
##                 includes/usercp_sendpasswd.php
##                 includes/usercp_activate.php
##                 login.php
##                 templates/subSilver/login_body.tpl
## Included Files: root/admin/admin_ct_blocker.php
##                 root/admin/admin_ct_config.php
##                 root/admin/admin_ct_footer.php
##                 root/admin/admin_ct_logs.php
##                 root/admin/admin_ct_seccheck.php
##                 root/admin/admin_ct_systest.php
##                 root/ctracker/images/acp_box.jpg
##                 root/ctracker/images/acp_box1.jpg
##                 root/ctracker/images/acp_head.jpg
##                 root/ctracker/images/acp_head_bg.jpg
##                 root/ctracker/images/acp_mini_box.jpg
##                 root/ctracker/images/cback_ctracker_button.gif
##                 root/ctracker/images/cback_ctracker_mini.gif
##                 root/ctracker/logs/counter.txt
##                 root/ctracker/logs/logfile_flood.txt
##                 root/ctracker/logs/logfile_proxy.txt
##                 root/ctracker/logs/logfile_worms.txt
##                 root/ctracker/ct_confirm.php
##                 root/ctracker/ct_footer.php
##                 root/ctracker/ct_functions.php
##                 root/ctracker/ct_ipblocker.php
##                 root/ctracker/ct_security.php
##                 root/language/lang_english/lang_ctracker.php
##                 root/templates/subSilver/admin/ct_blocker.tpl
##                 root/templates/subSilver/admin/ct_config.tpl
##                 root/templates/subSilver/admin/ct_footer.tpl
##                 root/templates/subSilver/admin/ct_logs_1.tpl
##                 root/templates/subSilver/admin/ct_logs_2.tpl
##                 root/templates/subSilver/admin/ct_logs_3.tpl
##                 root/templates/subSilver/admin/ct_logs_4.tpl
##                 root/templates/subSilver/admin/ct_seccheck.tpl
##                 root/templates/subSilver/admin/ct_systest.tpl
##                 root/install.php
## License: http://opensource.org/licenses/gpl-license.php GNU General Public License v2
##############################################################
## For security purposes, please check: http://www.phpbb.com/mods/
## for the latest version of this MOD. Although MODs are checked
## before being allowed in the MODs Database there is no guarantee
## that there are no security problems within the MOD. No support
## will be given for MODs not found within the MODs Database which
## can be found at http://www.phpbb.com/mods/
##############################################################
## Author Notes:
##
## phpBB 2.0.20 Users:
## ===================
##
## If you have phpBB 2.0.20 and you like to use the extended Search Protection
## System of CrackerTracker just disable the phpBB 2.0.20 Search Blocker in your
## ACP. Just set "Search Flood Control" to "0" in ACP > General > Configuration.
##
## This MOD requires a PHP Version higher than 4.3.0 or PHP 5.x to run correctly!
##
##
## Donate:
## =======
##
## If you want to donate to our project to help us fit server costs please look
## on this site: http://www.cback.de/cback_de/donate.php
## Thanks!
##
##############################################################
## MOD History:
##
##   2004-12-25  -  Version 0.0.1
##      - Preview Version with just the Protector (Beta)
##  
##   2004-12-26  -  Version 1.0.0
##      - First Release with extended Protector
##  
##   2004-12-27  -  Version 1.0.1
##      - ACP Statistic Feature added
##  
##   2004-12-30  -  Version 1.0.2
##      - New Logfile System with overflow Protection
##  
##   2005-01-03  -  Version 1.0.3
##      - Little FIX for Register Globals Off
##  
##   2005-04-09  -  Version 2.0.0
##      - New Release with complete new engine and
##        better Protection
##      - Name: CrackerTracker XTreme Edition
##      - Added: Calendar MOD Protection
##      - Added: Injection Detection Feature
##      - Optimized ACP view
##      - "Protected by" Picture
##
##   2005-04-24  -  Version 2.0.1
##      - Added: ACP Protection System
##      - Added: Enlarged Worm Protector
##
##   2005-07-24  -  Version 3.0.0
##      - New Release Called "CrackerTracker Professional"
##      - Automatic Engine Updater
##      - Attempt-Block-Counter in Footer
##      - Footer can be changed over ACP
##      - Max Log Entries can be set in ACP
##      - Configuration System for your Logs
##      - New ACP Layout and more functions
##      - Better detection system
##      - Flood-Protectors
##      - Double Engine Protector
##
##   2005-07-25  -  Version 3.0.1
##      - Fixed Style Bug (Internet Explorer)
##      - Little Fix in common.php
##
##   2005-07-25  -  Version 3.1.0
##      - Fixed  : Compatibility problems with some PHP Interpreters
##      - Changed: Search Protection now with better System
##      - Changed: Definition File
##      - Changed: Register Flood Protection Engine
##      - Added  : highlight-String Filter
##      - Added  : FID Protector
##      - Added  : Update File Integrity Check
##
##   2005-09-11  -  Version 3.1.1
##      - Fixed  : Search Flood Protection only on performed search
##      - Fixed  : Problem with PHP Interpreter Globals off
##      - Fixed  : Language File
##
##   2005-10-06  -  Version 3.1.2
##      - Removed: Auto Updater
##
##   2005-10-31  -  Version 3.1.3
##      - Change : Added a comment for phpBB 2.0.18 Users
##
##   2005-11-30  -  Version 4.0.0
##      - Completely new Release and completely recoded
##      - Name: "CrackerTracker Professional 2nd Edition"
##      - Many new Features added
##      - Anti Spammer System and Spamming Detector
##      - Fully Configurable over ACP
##      - Nice Admin Features added
##      - 3-Steps Security Scanner with CBACK PCSE
##      - Fast Proxy- and IP Blocker
##      - Improved Style System
##      - Performant Counter
##      - and many, many more
##
##   2005-12-15  -  Version 4.0.1
##      - Improved Footer Compatibility with PHP 4.x
##
##   2005-12-26  -  Version 4.0.2
##      - Improvements to the Definition File
##
##   2006-01-03  -  Version 4.1.0
##      - Protection from Mass Mail Sending
##      - Protection from Mass Password Reset Mail Sending
##      - Protects Login from BruteForce attacks
##      - Removed "Thumbs.db" from Package ;)
##      - Reduced Image Size for ACP
##
##   2006-01-16  -  Version 4.1.1
##      - Making BruteForce Protector more comfortable
##
##   2006-04-11  -  Version 4.1.2
##      - Added note for phpBB 2.0.19 / 2.0.20 Users
##      - Extended Heuristic-Engine to detect "tunneled" or just
##        spammy requests on your Board to reduce server load and traffic.
##
##   2006-04-30  -  Version 4.1.3
##      - Fixed Bug with creating Logfile
##      - Additional "sensible vars" Protection
##      - Added Note for files into the includes/ Folder
##
##   2006-05-07  -  Version 4.1.4
##      - Altering Worm Definition Filter
##      - Adding Constant-Check for ct_security.php
##      - Used $HTTP_SERVER_VARS instead of $_SERVER to fit phpBB.com Coding Guidelines
##      - Altered descriptions
##      - Using user_id instead of username to increase performance
##      - Added $phpEx where the extension was hardcoded
##      - Correct Build of Test-URL
##      - Added note of MOD Compatibility only with PHP > 4.3.0
##      - Added better handling of Logfiles to prevent from "tricky entries"
##      - Added DB Query Security for non MySQL DBMS
##      - Some fixes in install.txt to fit phpBB.com MOD Template
##      - Changes of the SQL Statements in install.php to make it possible to convert it to other DBMS
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
#
#-----[ OPEN ]------------------------------------------
#
common.php


#
#-----[ FIND ]------------------------------------------
#
error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime


#
#-----[ AFTER, ADD ]------------------------------------------
#
//
// CBACK.de CrackerTracker
// Worm&Exploit Protection Engine
//
include($phpbb_root_path . "ctracker/ct_security." . $phpEx);


#
#-----[ FIND ]------------------------------------------
#
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
$user_ip = encode_ip($client_ip);


#
#-----[ AFTER, ADD ]------------------------------------------
#
//
// CBACK.de CrackerTracker
// Proxy&IP Blocker and Function File
//
include($phpbb_root_path . 'ctracker/ct_ipblocker.'.$phpEx);
include($phpbb_root_path . 'ctracker/ct_functions.'.$phpEx);


#
#-----[ OPEN ]------------------------------------------
#
includes/functions.php


#
#-----[ FIND ]------------------------------------------
#
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);


#
#-----[ AFTER, ADD ]------------------------------------------
#
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_ctracker.' . $phpEx);


#
#-----[ OPEN ]------------------------------------------
#
includes/page_tail.php


#
#-----[ FIND ]------------------------------------------
#
//
// Show the overall footer.
//


#
#-----[ BEFORE, ADD ]------------------------------------------
#
//
// CBACK.de CrackerTracker
//
include($phpbb_root_path . 'ctracker/ct_footer.'.$phpEx);


#
#-----[ OPEN ]------------------------------------------
#
includes/constants.php


#
#-----[ FIND ]------------------------------------------
#
// Table names


#
#-----[ BEFORE, ADD ]------------------------------------------
#
// CBACK CrackerTracker Professional
define('CTRACK', $table_prefix.'ctrack');
define('CTFILTER', $table_prefix.'ct_filter');
define('CTVISKEY', $table_prefix.'ct_viskey');


#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/overall_footer.tpl


#
#-----[ FIND ]------------------------------------------
#
Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a> &copy; 2001, 2005 phpBB Group<br />{TRANSLATION_INFO}</span></div>


#
#-----[ AFTER, ADD ]------------------------------------------
#
<!-- BEGIN cback_cracker_tracker -->
<div align="center"><span class="copyright">

{cback_cracker_tracker.CTRACKER_FOOTER}


</span></div>
<!-- END cback_cracker_tracker -->


#
#-----[ OPEN ]------------------------------------------
#
search.php


#
#-----[ FIND ]------------------------------------------
#
//
// End session management
//


#
#-----[ AFTER, ADD ]------------------------------------------
#

//
// CBACK CrackerTracker Search Flood Protection
//
if(($userdata['ct_searchtime'] > time()) and (!empty($HTTP_GET_VARS['search_id']) || isset($HTTP_POST_VARS['search_id']) || isset($HTTP_GET_VARS['search_keywords']) || isset($HTTP_POST_VARS['show_results'])))
{
  $waittime = 0;
  $waittime = $userdata['ct_searchtime'] - time();
  $waitmsg  = '';
  $waitmsg  = sprintf($lang['ct_forum_sfl'], $ctracker_config['searchtime'], $waittime);

  if($userdata['user_id'] == ANONYMOUS)
  {
    message_die(GENERAL_MESSAGE, $waitmsg);
  }
  else
  {
    $sql = "UPDATE " . USERS_TABLE . " SET ct_searchcount = ct_searchcount + 1 WHERE user_id = '" . $userdata['user_id'] . "'";
    if( !($result = $db->sql_query($sql)) )
    {
      message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
    }


    if($userdata['ct_searchcount'] >= $ctracker_config['maxsearch'] && $userdata['ct_searchtime'] > time())
    {
      if($userdata['ct_searchcount'] == $ctracker_config['maxsearch'])
      {
        $stime = time() + $ctracker_config['searchtime'];
        $sql = "UPDATE " . USERS_TABLE . " SET ct_searchtime = " . $stime . " WHERE user_id = '" . $userdata['user_id'] . "'";
        if( !$db->sql_query($sql))
        {
          message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
        }
      }
      message_die(GENERAL_MESSAGE, $waitmsg);
    }
  }
}

if(isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) || !empty($HTTP_GET_VARS['search_id']) || isset($HTTP_POST_VARS['search_id']) || isset($HTTP_GET_VARS['search_keywords']) || isset($HTTP_POST_VARS['show_results']))
{
  if($userdata['ct_searchtime'] <= time())
  {
    $stime = time() + $ctracker_config['searchtime'];
    $sql = "UPDATE " . USERS_TABLE . " SET ct_searchtime = " . $stime . " WHERE user_id = '" . $userdata['user_id'] . "'";
   
    if( !$db->sql_query($sql))
    {
      message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
    }

    if($userdata['user_id'] != ANONYMOUS)
    {
      $sql = "UPDATE " . USERS_TABLE . " SET ct_searchcount = 1 WHERE user_id = '" . $userdata['user_id'] . "'";
     
      if( !$db->sql_query($sql))
      {
        message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
      }
    }

  }
}


#
#-----[ FIND ]------------------------------------------
#
         $forum_url = append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $searchset[$i]['forum_id']);
         $topic_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $searchset[$i]['topic_id'] . "&amp;highlight=$highlight_active");
         $post_url = append_sid("viewtopic.$phpEx?" . POST_POST_URL . '=' . $searchset[$i]['post_id'] . "&amp;highlight=$highlight_active") . '#' . $searchset[$i]['post_id'];


#
#-----[ BEFORE, ADD ]------------------------------------------
#
         $sucheck = strtolower($highlight_active);
         $sucheck = str_replace($ct_rules, '*', $sucheck);
         if($sucheck != $highlight_active)
         {
           $highlight_active = '';
         }
           

#
#-----[ OPEN ]------------------------------------------
#
includes/usercp_register.php


#
#-----[ FIND ]------------------------------------------
#
// ---------------------------------------
// Load agreement template since user has not yet
// agreed to registration conditions/coppa
//


#
#-----[ AFTER, ADD ]------------------------------------------
#

//
// CBACK CrackerTracker Register Flood Protection
//
  if($ctracker_config['regblock'] == 1 && $HTTP_GET_VARS['mode'] == 'register')
  {
    if($ctracker_config['lastreg'] >= time())
    {
      $lregtimestamp = $ctracker_config['lastreg'];
      $waittime = 0;
      $waittime = $lregtimestamp - time();
      $waitmsg  = '';
      $waitmsg  = sprintf($lang['ct_forum_rfl'], $waittime);
      message_die(GENERAL_MESSAGE, $waitmsg);
    }

    if(!empty($HTTP_SERVER_VARS['REMOTE_ADDR']) && $ctracker_config['lastreg_ip'] == $HTTP_SERVER_VARS['REMOTE_ADDR'])
    {
      // If the same IP wants to register we block this for 400 Seconds
      if($ctracker_config['lastreg'] + 400 >= time())
      {
        message_die(GENERAL_MESSAGE, $lang['ct_forum_ifl']);
      }
    }
  }


#
#-----[ FIND ]------------------------------------------
# Partial search! The original line is longer
#
         //
         // Get current date
         //
         $sql = "INSERT INTO " . USERS_TABLE . "   (user_id,
   
#
#-----[ BEFORE, ADD ]------------------------------------------
#
            // CBACK CrackerTracker Register Flood Protection
            $stime = time() + $ctracker_config['regtime'];
            $sql = "UPDATE " . CTRACK . " SET value = " . $stime . " WHERE name = 'lastreg'";
            $db->sql_query($sql);

            if(!empty($HTTP_SERVER_VARS['REMOTE_ADDR']))
            {
              $sql = "UPDATE " . CTRACK . " SET value = '" . $HTTP_SERVER_VARS['REMOTE_ADDR'] . "' WHERE name = 'lastreg_ip'";

              if( !$db->sql_query($sql))
              {
                message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
              }
            }
            // END CBACK CrackerTracker Register Flood Protection
           
           
#
#-----[ OPEN ]------------------------------------------
#
includes/functions_post.php


#
#-----[ FIND ]------------------------------------------
#
# Partial search, the original line is longer!
#

function submit_post($mode
{
   global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
   global $userdata, $user_ip;


#
#-----[ AFTER, ADD ]------------------------------------------
#
    global $ctracker_config;
   

#
#-----[ FIND ]------------------------------------------
#
   $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
   $message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');


#
#-----[ BEFORE, ADD ]------------------------------------------
#
    //
    // CBACK CrackerTracker Spammer Protection Engine
    //
    $ctinfomeldung = '';
    if(($mode == 'newtopic' || $mode == 'reply') and ($ctracker_config['floodprot'] == 1))
    {
      if($userdata['user_level'] == 0 && $userdata['user_id'] != ANONYMOUS)
      {
        if($userdata['ct_posttime'] >= time())
        {
          if($userdata['ct_postcount'] > $ctracker_config['postintime'])
          {
            if($ctracker_config['autoban'] == 1)
            {
              ct_filllog();
              $sql = "INSERT INTO " . BANLIST_TABLE . "( `ban_id` , `ban_userid` , `ban_ip` , `ban_email` ) VALUES ('', '" . $userdata['user_id'] . "', '', NULL);";

              if( !$db->sql_query($sql))
              {
                message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
              }

              if( $userdata['session_logged_in'] )
              {
                session_end($userdata['session_id'], $userdata['user_id']);
              }
            }
            else
            {
              ct_filllog();
              $sql = "UPDATE " . USERS_TABLE . " SET user_active = 0 WHERE user_id = '" . $userdata['user_id'] . "'";

              if( !$db->sql_query($sql))
              {
                message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
              }

              if( $userdata['session_logged_in'] )
              {
                session_end($userdata['session_id'], $userdata['user_id']);
              }
            }

            message_die(GENERAL_MESSAGE, $lang['ct_forum_blo']);
          }
          else if($userdata['ct_postcount'] == $ctracker_config['postintime'])
          {
            $ctinfomeldung = sprintf($lang['ct_forum_wa'] . '<br /><br />', $ctracker_config['posttimespan']);
          }
          else
          {
            $ctinfomeldung = '';
          }

          $sql = "UPDATE " . USERS_TABLE . " SET ct_postcount = ct_postcount + 1 WHERE user_id = '" . $userdata['user_id'] . "'";
          if( !$db->sql_query($sql))
          {
            message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
          }
        }
        else
        {
          $stime = time() + $ctracker_config['posttimespan'];
          $sql = "UPDATE " . USERS_TABLE . " SET ct_posttime = " . $stime . " WHERE user_id = '" . $userdata['user_id'] . "'";
          if( !$db->sql_query($sql))
          {
            message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
          }
          $sql = "UPDATE " . USERS_TABLE . " SET ct_postcount = 2 WHERE user_id = '" . $userdata['user_id'] . "'";
          if( !$db->sql_query($sql))
          {
            message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
          }
        }
      }
    }


#
#-----[ IN-LINE FIND ]------------------------------------------
#
$lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');


#
#-----[ IN-LINE BEFORE, ADD ]------------------------------------------
#
$ctinfomeldung .

#
#-----[ OPEN ]------------------------------------------
#
  includes/usercp_email.php


#
#-----[ FIND ]------------------------------------------
#
      if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] )
      {
         message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']);
      }


#
#-----[ BEFORE, ADD ]------------------------------------------
#
      if ( $userdata['ct_mailcount'] >= time() && $ctracker_config['mailfeature'] == 1 )
      {
         message_die(GENERAL_MESSAGE, $lang['ct_forum_emb']);
      }


#
#-----[ FIND ]------------------------------------------
#
            $sql = "UPDATE " . USERS_TABLE . "
               SET user_emailtime = " . time() . "
               WHERE user_id = " . $userdata['user_id'];


#
#-----[ BEFORE, ADD ]------------------------------------------
#
                $mtimetemp = time() + 240;
                $sql = "UPDATE " . USERS_TABLE . "
               SET ct_mailcount = " . $mtimetemp . "
               WHERE user_id = " . $userdata['user_id'];
                $db->sql_query($sql);


#
#-----[ OPEN ]------------------------------------------
#
  includes/usercp_sendpasswd.php

#
#-----[ FIND ]------------------------------------------
#
   $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
   $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';

   $sql = "SELECT user_id, username, user_email, user_active, user_lang

#
#-----[ IN-LINE FIND ]------------------------------------------
#
user_active, user_lang


#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
, ct_pwreset, ct_unsucclogin


#
#-----[ FIND ]------------------------------------------
#

         $username = $row['username'];
         $user_id = $row['user_id'];


#
#-----[ AFTER, ADD ]------------------------------------------
#

         if ( $ctracker_config['pwreset'] == 1 )
         {
           if ( $row['ct_pwreset'] == 1 && $row['ct_unsucclogin'] >= time())
           {
             message_die(GENERAL_MESSAGE, $lang['ct_forum_pws']);
           }
         }


#
#-----[ FIND ]------------------------------------------
#
         $sql = "UPDATE " . USERS_TABLE . "
            SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'
            WHERE user_id = " . $row['user_id'];
         if ( !$db->sql_query($sql) )
         {
            message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql);
         }

#
#-----[ BEFORE, ADD ]------------------------------------------
#
            $loginsyst = time() + 14400;
            $sql = "UPDATE " . USERS_TABLE . "
            SET ct_pwreset = '1', ct_unsucclogin = '" . $loginsyst . "'
            WHERE user_id = " . $row['user_id'];
         if ( !$db->sql_query($sql) )
         {
            message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql);
         }

#
#-----[ OPEN ]------------------------------------------
#
  includes/usercp_activate.php


#
#-----[ FIND ]------------------------------------------
#
      $sql = "UPDATE " . USERS_TABLE . "
         SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
         WHERE user_id = " . $row['user_id'];
      if ( !($result = $db->sql_query($sql)) )
      {
         message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
      }


#
#-----[ AFTER, ADD ]------------------------------------------
#
        $sql = "UPDATE " . USERS_TABLE . "
            SET ct_pwreset = '0', ct_unsucclogin = '0'
            WHERE user_id = " . $row['user_id'];
      if ( !$db->sql_query($sql) )
      {
         message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
      }


#
#-----[ OPEN ]------------------------------------------
#
  login.php


#
#-----[ FIND ]------------------------------------------
#
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
   $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
   $sid = '';
}


#
#-----[ AFTER, ADD ]------------------------------------------
#
         //
         // CBACK CrackerTracker Visual Login Confirmation
         // visual confirmation code Generator taken from phpBB (c) phpBB Group
         //
         if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
         {
            $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
            $mode = htmlspecialchars($mode);

            if ( $mode == 'confirm' )
            {
               if ( $userdata['session_logged_in'] )
               {
                  exit;
               }
               include($phpbb_root_path . 'ctracker/ct_confirm.'.$phpEx);
               exit;
             }
         }

         //
         // Now we check if the User is trying to Log in if he already has used one attempt or not
         // if not we disable the Visual Confirmation Code and with this we allow a normal login without any Confirmation
         // if the User tried to log in once we just continue with the normal Script and then we show the Visible Code every time the user
         // tries to log in before checking Password or anything.
         // Well OK its more DB gaming but many users want comfort AND security so let's do it ;-)
         //
         if(!empty($HTTP_POST_VARS['username']) && $ctracker_config['loginfeature'] == 1)
         {
           $secure_username = '';
           $secure_username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
           $sql = "SELECT ct_logintry FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $secure_username) . "'";
           if ( !($result = $db->sql_query($sql)) )
           {
             message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
           }
           if( $row = $db->sql_fetchrow($result) )
           {
             if($row['ct_logintry'] == 0)
             {
               $ctracker_config['loginfeature'] = 0;
             }
           }
         }
         else
         {
           $ctracker_config['loginfeature'] = 0;
         }

            if ( $ctracker_config['loginfeature'] == 1 && !$userdata['session_logged_in'] && !empty($HTTP_POST_VARS['confirm_id']) && !empty($HTTP_POST_VARS['confirm_code']))
         {
               $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
               if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
               {
                  $confirm_id = '';
               }

               $sql = 'SELECT code
                  FROM ' . CTVISKEY . "
                  WHERE confirm_id = '$confirm_id'
                     AND session_id = '" . $userdata['session_id'] . "'";
               if (!($result = $db->sql_query($sql)))
               {
                  message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql);
               }

               if ($row = $db->sql_fetchrow($result))
               {
                  if ($row['code'] != $HTTP_POST_VARS['confirm_code'])
                  {
                            message_die(GENERAL_MESSAGE, $lang['ct_forum_sl1']);
                  }
                  else
                  {
                     $sql = 'DELETE FROM ' . CTVISKEY . "
                        WHERE confirm_id = '$confirm_id'
                           AND session_id = '" . $userdata['session_id'] . "'";
                     if (!$db->sql_query($sql))
                     {
                        message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql);
                     }
                  }
               }
               else
               {
                            message_die(GENERAL_MESSAGE, $lang['ct_forum_sl1']);
               }
               $db->sql_freeresult($result);
         }

            $vcheck_need  = FALSE;
            $vcheck_login = TRUE;
            if($ctracker_config['loginfeature'] == 1 )
            {
              $vcheck_need = TRUE;
              $vcheck_login = FALSE;
            }

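            // Allow the normal login path when no visual check is needed, the user is already logged in, is logging out, or has submitted a confirmation code
            if (($vcheck_need == FALSE || $userdata['session_logged_in']) or (isset($HTTP_GET_VARS['logout']) || !empty($HTTP_POST_VARS['confirm_id']) && !empty($HTTP_POST_VARS['confirm_code'])))
            {
              $vcheck_login = TRUE;
            }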
#
#-----[ FIND ]------------------------------------------
#
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )

#
#-----[ IN-LINE FIND ]------------------------------------------
#
( isset($HTTP_POST_VARS['login'])


#
#-----[ IN-LINE BEFORE, ADD ]------------------------------------------
#
(( $vcheck_login == TRUE ) and


#
#-----[ IN-LINE FIND ]------------------------------------------
#

isset($HTTP_GET_VARS['logout']) )


#
#-----[ IN-LINE AFTER, ADD ]------------------------------------------
#
)

#
#-----[ FIND ]------------------------------------------
#
               $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

               $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
               $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

#
#-----[ AFTER, ADD ]------------------------------------------
#
               $sql = 'UPDATE ' . USERS_TABLE . ' SET ct_logintry = 0 WHERE user_id = ' . $row['user_id'];
               if( !$db->sql_query($sql))
               {
                  message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
               }

#
#-----[ FIND ]------------------------------------------
#
               $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
               $redirect = str_replace('?', '&', $redirect);

               if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
               {
                  message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
               }


#
#-----[ BEFORE, ADD ]------------------------------------------
#
               if ($row['user_id'] != ANONYMOUS)
               {
                  $sql = 'UPDATE ' . USERS_TABLE . '
                     SET ct_logintry = 1
                     WHERE user_id = ' . $row['user_id'];
                        
                  if( !$db->sql_query($sql))
                  {
                     message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
                  }
               }


#
#-----[ FIND ]------------------------------------------
#
      $page_title = $lang['Login'];
      include($phpbb_root_path . 'includes/page_header.'.$phpEx);

      $template->set_filenames(array(
         'body' => 'login_body.tpl')
      );

      $forward_page = '';


#
#-----[ AFTER, ADD ]------------------------------------------
#
   //
   // CBACK CrackerTracker Login Confirmation
   // Confirmation Generator Taken from phpBB (C) phpBB Group
   //
   $confirm_image = '';
   if( $ctracker_config['loginfeature'] == 1 && !$userdata['session_logged_in'])
   {
      $sql = 'SELECT session_id
         FROM ' . SESSIONS_TABLE;
      if (!($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
      }

      if ($row = $db->sql_fetchrow($result))
      {
         $confirm_sql = '';
         do
         {
            $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
         }
         while ($row = $db->sql_fetchrow($result));

         $sql = 'DELETE FROM ' .  CTVISKEY . "
            WHERE session_id NOT IN ($confirm_sql)";
         if (!$db->sql_query($sql))
         {
            message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
         }
      }
      $db->sql_freeresult($result);

      $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');

      list($usec, $sec) = explode(' ', microtime());
      mt_srand($sec * $usec);

      $max_chars = count($confirm_chars) - 1;
      $code = '';
      for ($i = 0; $i < 6; $i++)
      {
         $code .= $confirm_chars[mt_rand(0, $max_chars)];
      }

      $confirm_id = md5(uniqid($user_ip));

      $sql = 'INSERT INTO ' . CTVISKEY . " (confirm_id, session_id, code)
         VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
      if (!$db->sql_query($sql))
      {
         message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
      }

      unset($code);

      $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("login.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("login.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("login.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("login.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("login.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("login.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("login.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';
      $hidden_form_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

      $template->assign_block_vars('switch_confirm', array());
   }


#
#-----[ FIND ]------------------------------------------
#
         'L_SEND_PASSWORD' => $lang['Forgotten_password'],

#
#-----[ AFTER, ADD ]------------------------------------------
#
         'CONFIRM_IMG' => $confirm_image,
         'L_CONFIRM_CODE' => $lang['ct_forum_slo'],

#
#-----[ FIND ]------------------------------------------
#

'S_HIDDEN_FIELDS' => $s_hidden_fields)

#
#-----[ REPLACE WITH ]------------------------------------------
#

'S_HIDDEN_FIELDS' => $s_hidden_fields . $hidden_form_fields )

#
#-----[ OPEN ]------------------------------------------
#
  templates/subSilver/login_body.tpl

#
#-----[ FIND ]------------------------------------------
#
        <tr align="center">
         <td colspan="2">{S_HIDDEN_FIELDS}<input type="submit" name="login" class="mainoption" value="{L_LOGIN}" /></td>
        </tr>

#
#-----[ BEFORE, ADD ]------------------------------------------
#
         <!-- BEGIN switch_confirm -->
        <tr>
         <td class="row1" colspan="2" align="center">
         

<span class="gen">{L_CONFIRM_CODE}</span>
         <span class="gensmall">&nbsp;</span>

{CONFIRM_IMG}

</td>
        </tr>
        <tr>
         <td colspan="2" align="center" class="row2">
           <input type="text" class="post" name="confirm_code" size="25" maxlength="6" value="" />
         


         </td>
        </tr>
        <!-- END switch_confirm -->

        
#
#-----[ COPY ]------------------------------------------
#
copy root/admin/admin_ct_blocker.php to admin/admin_ct_blocker.php
copy root/admin/admin_ct_config.php to admin/admin_ct_config.php
copy root/admin/admin_ct_footer.php to admin/admin_ct_footer.php
copy root/admin/admin_ct_logs.php to admin/admin_ct_logs.php
copy root/admin/admin_ct_seccheck.php to admin/admin_ct_seccheck.php
copy root/admin/admin_ct_systest.php to admin/admin_ct_systest.php
copy root/ctracker/images/acp_box.jpg to ctracker/images/acp_box.jpg
copy root/ctracker/images/acp_box1.jpg to ctracker/images/acp_box1.jpg
copy root/ctracker/images/acp_head.jpg to ctracker/images/acp_head.jpg
copy root/ctracker/images/acp_head_bg.jpg to ctracker/images/acp_head_bg.jpg
copy root/ctracker/images/acp_mini_box.jpg to ctracker/images/acp_mini_box.jpg
copy root/ctracker/images/cback_ctracker_button.gif to ctracker/images/cback_ctracker_button.gif
copy root/ctracker/images/cback_ctracker_mini.gif to ctracker/images/cback_ctracker_mini.gif
copy root/ctracker/logs/counter.txt to ctracker/logs/counter.txt
copy root/ctracker/logs/logfile_flood.txt to ctracker/logs/logfile_flood.txt
copy root/ctracker/logs/logfile_proxy.txt to ctracker/logs/logfile_proxy.txt
copy root/ctracker/logs/logfile_worms.txt to ctracker/logs/logfile_worms.txt
copy root/ctracker/ct_confirm.php to ctracker/ct_confirm.php
copy root/ctracker/ct_footer.php to ctracker/ct_footer.php
copy root/ctracker/ct_functions.php to ctracker/ct_functions.php
copy root/ctracker/ct_ipblocker.php to ctracker/ct_ipblocker.php
copy root/ctracker/ct_security.php to ctracker/ct_security.php
copy root/*****/lang_english/lang_ctracker.php to *****/lang_english/lang_ctracker.php
copy root/templates/subSilver/admin/ct_blocker.tpl to templates/subSilver/admin/ct_blocker.tpl
copy root/templates/subSilver/admin/ct_config.tpl to templates/subSilver/admin/ct_config.tpl
copy root/templates/subSilver/admin/ct_footer.tpl to templates/subSilver/admin/ct_footer.tpl
copy root/templates/subSilver/admin/ct_logs_1.tpl to templates/subSilver/admin/ct_logs_1.tpl
copy root/templates/subSilver/admin/ct_logs_2.tpl to templates/subSilver/admin/ct_logs_2.tpl
copy root/templates/subSilver/admin/ct_logs_3.tpl to templates/subSilver/admin/ct_logs_3.tpl
copy root/templates/subSilver/admin/ct_logs_4.tpl to templates/subSilver/admin/ct_logs_4.tpl
copy root/templates/subSilver/admin/ct_seccheck.tpl to templates/subSilver/admin/ct_seccheck.tpl
copy root/templates/subSilver/admin/ct_systest.tpl to templates/subSilver/admin/ct_systest.tpl
copy root/install.php to install.php



#
#-----[ DIY INSTRUCTIONS ]------------------------------------------
#
 Now set CHMOD 777 on the following files:
   - ctracker/logs/counter.txt
   - ctracker/logs/logfile_flood.txt
   - ctracker/logs/logfile_proxy.txt
   - ctracker/logs/logfile_worms.txt


#
#-----[ DIY INSTRUCTIONS ]------------------------------------------
#
 Execute the file install.php by entering the URL to that file into your browser.
 After that please delete this file again from your Webspace!


#
#-----[ DIY INSTRUCTIONS ]------------------------------------------
#
 For additional security, please check that you can find this piece of code:

 if ( !defined('IN_PHPBB') )
 {
   die("Hacking attempt");
 }

 in _all_ *.php files which are uploaded into the folder includes/ of your phpBB installation.
 You can find this line just after the beginning of the file (<?php). It should be placed
 directly after the comments, before any other PHP code is written. Some MODs have forgotten to
 place this line in their include files, and then someone is able to attack one of those
 files directly without running the other board files. If you have questions about this step, feel free
 to ask in our forum at www.community.cback.de for support.
     
        
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
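
The three DIY steps that close the MOD (log file permissions, deleting install.php, the IN_PHPBB guard in includes/) can be verified after installation. The script below is an added example, not part of the MOD or of the original post; the function names, the script name and the board path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the MOD: audit a phpBB 2 tree after the DIY steps.
# Assumption: the board root directory is passed as the first argument.

# Succeed when the first PHP statement after the opening tag and the
# leading comments is the IN_PHPBB guard.
has_guard() {
    awk '
        in_c { if ($0 ~ /\*\//) in_c = 0; next }          # inside a block comment
        /^[ \t\r]*$/ { next }                              # blank line
        /^[ \t\r]*<[?](php)?[ \t\r]*$/ { next }            # opening tag
        /^[ \t]*\/\*/ { if ($0 !~ /\*\//) in_c = 1; next } # comment start
        /^[ \t]*(\/\/|#)/ { next }                         # one-line comment
        { seen = 1; ok = ($0 ~ /defined *\( *.IN_PHPBB. *\)/); exit }
        END { exit (seen && ok) ? 0 : 1 }
    ' "$1"
}

# Print every includes/*.php file that fails has_guard, one path per line.
missing_guard() {
    for f in "$1"/includes/*.php; do
        [ -f "$f" ] || continue
        has_guard "$f" || printf '%s\n' "$f"
    done
}

# Print findings for the other two steps: an installer that was not deleted,
# and log files left world-executable (chmod 777 sets that bit, although
# appending to a text log only needs write permission).
leftovers() {
    [ -e "$1/install.php" ] && printf 'installer present: %s\n' "$1/install.php"
    find "$1/ctracker/logs" -type f -perm -0001 2>/dev/null |
        sed 's/^/world-executable log: /'
    return 0
}

# Usage: sh audit.sh /path/to/phpBB2   (script name and path are placeholders)
if [ "$#" -gt 0 ]; then
    missing_guard "$1" | sed 's/^/no IN_PHPBB guard first: /'
    leftovers "$1"
fi
```

A file is reported when the guard is absent or when any PHP statement precedes it, since a guard placed after executable code does not stop that code from running on direct access.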

Arslan

  • Administrator
CrackerTracker Professional 2nd Edition Installation
« Reply #1: June 07, 2006, 02:27:57 AM »
Thanks a lot, my friend, much appreciated.
The Silence of Death...

1903

  • Guest
CrackerTracker Professional 2nd Edition Installation
« Reply #2: June 07, 2006, 02:34:16 AM »
Don't forget to download the root folder from http://www.cback.de.
Before making any changes, be sure to back up the files on the forum.
If there is a mistake in the code, the forum can become unusable  :(

Arslan

  • Administrator
CrackerTracker Professional 2nd Edition Installation
« Reply #3: June 07, 2006, 02:36:59 AM »
I'm going to try it on localhost first anyway, and I'll definitely take a backup; it would be a shame to waste this much effort. Thank you for the reminder.
The Silence of Death...
