<?php
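// Referer plausibility check.
// Reads $ip, $host, $proxy, $admin and $prefix, none of which are assigned in this file
// (they must come from the including script), plus $db_link and $db after db.php is included.
// Leaves its verdict in $validref (bool); $agent and $agent_exclude also stay defined.
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false;
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
// One definition of "this site" for every comparison below: the Host header if present,
// otherwise the server address. Both are used only to build patterns and URLs to compare against.
$ref_self_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_ADDR'];

// A request that carries no Referer header is accepted outright.
$validref = ($ref === false);

// Referers that start with one of these paths on this host are accepted without the
// access-log lookup. Patterns are emitted http first, then https.
// NOTE(review): referers under /logs/ are expected here and the log below is written to
// $prefix/logs/ - if that is the same directory, confirm it is not publicly readable;
// the entries hold client IPs and raw header values.
$exclude = Array("/logs/", "/test/", "/misc/");
$ref_exclude = Array();
foreach (Array("http://", "https://") as $ref_scheme) {
    foreach ($exclude as $ref_path) {
        $ref_exclude[] = "/^".preg_quote($ref_scheme.$ref_self_host.$ref_path, '/')."/i";
    }
}

// Client host names that are exempt from the check. An entry is either a plain string
// (matched as a suffix) or Array(Array(part, part, ...), mode), where the parts are joined
// with ".+" (at least one character between them) and mode selects the anchoring:
//   0 - '/pattern$/'   suffix
//   1 - '/^pattern$/'  whole name
//   2 - '/^pattern/'   prefix
//   3 - '/pattern/'    anywhere
// NOTE(review): $host is presumably the reverse-DNS name of the client. A PTR record is set
// by whoever controls the address block, so these exemptions are only as trustworthy as the
// lookup that produced $host - confirm it is forward-confirmed.
$host_exclude = Array(
    ".archive.org",
    ".petalsearch.com",
    Array(Array("fetcher", ".go.mail.ru"), 1),
    Array(Array("ecs-", ".compute.hwclouds-dns.com"), 1),
);
$ref_host_name = isset($host) ? (string)$host : "";
// The list is walked once; the former outer counting loop only repeated the same pass.
foreach ($host_exclude as $exclude) {
    $exclude_mode = 0;
    if (is_array($exclude)) {
        if (is_array($exclude[0])) {
            if (isset($exclude[1]) && is_numeric($exclude[1])) $exclude_mode = $exclude[1];
            $exclude = $exclude[0];
        }
        $match = "";
        foreach ($exclude as $exclude_part) {
            $match .= (($match != "") ? ".+" : "").preg_quote($exclude_part, '/');
        }
    } else {
        $match = preg_quote($exclude, '/');
    }
    $pattern = "/"
        .(($exclude_mode == 1 || $exclude_mode == 2) ? "^" : "")
        .$match
        .(($exclude_mode == 0 || $exclude_mode == 1) ? "$" : "")
        ."/i";
    if (preg_match($pattern, $ref_host_name)) {
        $validref = true;
        break;
    }
}

// Exact User-Agent strings that are exempt. Both entries live in ONE array: assigning the
// array twice discarded the first pattern, so the DuckDuckGo entry never matched.
// The User-Agent header is chosen by the client, so this is a convenience exemption,
// not an authentication of the crawler.
$agent_exclude = Array(
    "/^".preg_quote("Mozilla/5.0 (compatible; DuckDuckGo-Favicons-Bot/1.0; +http://duckduckgo.com)", '/')."$/i",
    "/^".preg_quote("Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) AppEngine-Google; (+http://code.google.com/appengine; appid: s~virustotalcloud)", '/')."$/i",
);
foreach ($agent_exclude as $pattern) {
    if (preg_match($pattern, $agent)) {
        $validref = true;
        break;
    }
}

// Path-based exemptions; skipped when there is no referer to test.
if ($ref !== false) {
    foreach ($ref_exclude as $pattern) {
        if (preg_match($pattern, $ref)) {
            $validref = true;
            break;
        }
    }
}
// $i is no longer assigned here; it stays in the list so the variable state after this
// script is the same as before.
unset($host_exclude, $ref_exclude, $exclude, $pattern, $i, $ref_scheme, $ref_path, $ref_host_name);

// Only referers that claim to come from this site are verified; anything else is accepted.
// NOTE(review): this is a prefix match with no boundary after the host name, so a referer
// whose host merely begins with this host name is also treated as internal and then has to
// pass the exact-URL comparison below.
if (($validref === false) && preg_match("/^https?".preg_quote("://".$ref_self_host, '/')."/i", $ref)) {
    include "db.php";
    if ($db_link) {
        mysqli_select_db($db_link, $db);
        $table = "accesslog";
        // "desc" doubles as an existence test: without the table there is nothing to verify against.
        if (mysqli_query($db_link, "desc $table")) {
            // Escape once and use the escaped value in BOTH queries; the second query used to
            // interpolate $ip unescaped.
            $ref_ip_sql = mysqli_real_escape_string($db_link, $ip);
            $query = "select distinct url from $table where ip='".$ref_ip_sql."' and result !='403'";
            $result = mysqli_query($db_link, $query);
            if ($result === false) {
                // Still terminates the request, but the database error text goes to the
                // server log instead of the response body.
                error_log("referer check: ".mysqli_error($db_link));
                die();
            }
            $count = mysqli_num_rows($result);
            if ($count > 0) {
                // The referer is accepted when it is exactly a URL this IP has already been
                // served (non-403), or unconditionally when $admin is set.
                while ($arr = mysqli_fetch_assoc($result)) {
                    $fullurl = "http://".$ref_self_host.$arr['url'];
                    $fullurl_secure = "https://".$ref_self_host.$arr['url'];
                    if ($admin || $ref === $fullurl || $ref === $fullurl_secure) {
                        $validref = true;
                        break;
                    }
                }
            } else {
                // No logged URL for this IP: accepted only for $admin, and only while no
                // other IP appears in the access log.
                if ($admin) {
                    $query = "select distinct ip from $table where ip != '".$ref_ip_sql."'";
                    $result = mysqli_query($db_link, $query);
                    if ($result === false) {
                        error_log("referer check: ".mysqli_error($db_link));
                        die();
                    }
                    $count = mysqli_num_rows($result);
                    if ($count == 0) {
                        $validref = true;
                    }
                }
            }
        } else $validref = true;
        mysqli_close($db_link);
    }
} else $validref = true;

if ($validref !== true) {
    // Every interpolated value originates from the request (or from a lookup on it), so
    // control characters are replaced before writing: an embedded CR/LF would otherwise let
    // a header value start a forged log entry. $validref can only be false when a Referer
    // header was sent, so $ref is a string here.
    $ref_ctl = '/[\x00-\x1F\x7F]/';
    $ref_line = "[".date("Y-m-d H:i:s")."] [".preg_replace($ref_ctl, "?", (string)$ip)
        .(!empty($host) ? (" ".preg_replace($ref_ctl, "?", (string)$host)) : "")
        .(!empty($proxy) ? (" (Proxy: ".preg_replace($ref_ctl, "?", (string)$proxy).")") : "")
        ."] [Bad Referer] Url: ".preg_replace($ref_ctl, "?", $_SERVER['REQUEST_URI'])
        ." Referer: ".preg_replace($ref_ctl, "?", $ref)."\n"
        .(!empty($agent) ? (preg_replace($ref_ctl, "?", $agent)."\n") : "");
    $log = fopen("$prefix/logs/ref.txt", "a");
    // fopen() returns false on failure; writing to that would abort the page.
    if ($log !== false) {
        fwrite($log, $ref_line);
        fclose($log);
    }
}
unset($ref, $count, $ref_self_host, $ref_ip_sql, $ref_ctl, $ref_line);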
?>