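<?php
// This script is meant to be set as PHP's auto_prepend_file. It does two things: it logs POST
// requests sent to the listed hosts (for debugging WP post requests), and it can shut down
// selected requests with a plain 404 before WP even fires.
// Keep in mind this gets called before EVERY php script that gets run, not only from web sites,
// but from command line as well, so you need to make sure values exist before just using them.
// Note, this directory needs to be world writeable so any of the sites can write to it,
// so best to be out of web root of any site.
// The logs hold raw POST bodies, so anyone who can read them sees whatever your forms submit
// (apart from the keys hidden below). Limit who can read this directory and clear old logs out.
$log_files_to = '/path/to/prepend_script/logs/';
$ip_address   = array_key_exists( 'REMOTE_ADDR', $_SERVER ) ? $_SERVER['REMOTE_ADDR'] : 'CLI';
// HTTP_HOST is whatever the client put in the Host header. It is only used as a directory
// name further down AFTER it has matched the allowlist exactly, so keep that check strict.
$http_host    = array_key_exists( 'HTTP_HOST', $_SERVER ) ? $_SERVER['HTTP_HOST'] : 'CLI';
$request_type = array_key_exists( 'REQUEST_METHOD', $_SERVER ) ? $_SERVER['REQUEST_METHOD'] : 'CLI';
$call_to      = array_key_exists( 'REQUEST_URI', $_SERVER ) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME'];
$post         = [];

if ( $request_type === 'POST' &&
    in_array( $http_host, [
        'www.domain.com',
        'domain.com'
    ], true ) && count( $_POST ) > 0 ) {
    // List of Post Keys that should NOT be logged, instead we just log how
    // many characters are in the string for that value. Keys are compared in lower case,
    // so keep the entries lower case, and add whatever secret fields your own forms use.
    $keySkip = [
        'password',
        'pwd',
        'creditcard',
        'cardnumber'
    ];

    // Walks the POST array, nested arrays included, so a field such as user[password] is
    // hidden too. A value can be an array (password[]=...), and strlen() on an array is a
    // fatal TypeError on PHP 8, which in a prepend file would take the whole request down.
    $redact = function ( array $data ) use ( &$redact, $keySkip ) {
        $clean = [];
        foreach ( $data as $key => $val ) {
            if ( is_string( $key ) && in_array( strtolower( $key ), $keySkip, true ) ) {
                $clean[ $key ] = is_string( $val )
                    ? 'HIDDEN (' . strlen( $val ) . ' length)'
                    : 'HIDDEN (array)';
            } elseif ( is_array( $val ) ) {
                $clean[ $key ] = $redact( $val );
            } else {
                $clean[ $key ] = $val;
            }
        }

        return $clean;
    };
    $post = $redact( $_POST );

    // Cookie values are login/session tokens, and a copy sitting in a shared log directory
    // is as good as the session itself. Log the cookie names and value lengths only.
    $cookies = [];
    foreach ( $_COOKIE as $key => $val ) {
        $cookies[ $key ] = is_string( $val )
            ? 'HIDDEN (' . strlen( $val ) . ' length)'
            : 'HIDDEN (array)';
    }

    // 0700 keeps a site's log directory private to the user that site runs as. The second
    // is_dir() covers another request creating the directory between the check and mkdir().
    $log_dir = $log_files_to . $http_host;
    if ( is_dir( $log_dir ) || mkdir( $log_dir, 0700 ) || is_dir( $log_dir ) ) {
        $now   = time();
        $entry = "===================================================\n"
            . date( 'Y-m-d @ H:i:s ' ) . " FROM: $ip_address VIA $request_type \n"
            . "TO: $call_to \n"
            . 'POST: ' . var_export( $post, true ) . "\n"
            . 'COOKIE: ' . var_export( $cookies, true ) . "\n";
        // One log file per 15 minute window. A single locked append keeps entries from
        // concurrent requests from interleaving; if the write fails we just carry on,
        // logging must never be the reason a request dies.
        file_put_contents(
            $log_dir . '/' . date( 'Y-m-d H:i', $now - $now % ( 15 * 60 ) ) . '.log',
            $entry,
            FILE_APPEND | LOCK_EX
        );
        unset( $now, $entry );
    }
    unset( $keySkip, $redact, $cookies, $log_dir, $key, $val );
}

// If you find you just want to shut down certain requests to keep WP from even firing,
// You can use this block to give out just a plain Apache style 404 error message
// you could probably do some other, but I like doing a 404, as then hopefully bot will think
// the file isn't there anymore instead of a message saying "it is here, you are not allowed"
// The two variables are placeholders for your own condition. The isset() guard matters:
// left undefined they are both null, null == null is true, and EVERY request would get the 404.
if ( isset( $some_condition, $something_that_you_want_to_just_kill_request ) &&
    $some_condition == $something_that_you_want_to_just_kill_request ) {
    // SCRIPT_URL is not set by every server setup, so fall back to REQUEST_URI.
    $missing_url = isset( $_SERVER['SCRIPT_URL'] )
        ? $_SERVER['SCRIPT_URL']
        : ( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
    header( 'HTTP/1.0 404 Not Found' );
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', PHP_EOL;
    echo '<html lang="en"><head><title>404 Not Found</title></head>', PHP_EOL;
    echo '<body>', PHP_EOL, '<h1>Not Found</h1>', PHP_EOL;
    // The URL comes from the client, so it is escaped before being echoed back.
    echo '<p>The requested URL ', htmlspecialchars( $missing_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ), ' was not found on this server.</p>', PHP_EOL;
    echo '<!-- Reason -->', PHP_EOL, '</body></html>', PHP_EOL;
    exit;
}

// Don't forget to unset any global scope vars here...
// Anything left defined leaks into the global scope of every script that runs after this one.
unset(
    $log_files_to,
    $ip_address,
    $http_host,
    $request_type,
    $call_to,
    $post
);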