SHARE
TWEET

Untitled

a guest Jan 24th, 2020 79 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. // This script is used for both debugging WP post requests by being set as the auto_prepend file
  3. // Keep in mind this gets called before EVERY php script that gets run, not only from web sites,
  4. // but from command line as well, so you need to make sure values exist before just using them.
  5.  
  6. // Note, this directory needs to be world writeable so any of the sites can write to it
  7. // So best to be out of web root of any site.
  8. $log_files_to = '/path/to/prepend_script/logs/';
  9.  
  10. $ip_address   = array_key_exists( 'REMOTE_ADDR', $_SERVER ) ? $_SERVER['REMOTE_ADDR'] : 'CLI';
  11. $http_host    = array_key_exists( 'HTTP_HOST', $_SERVER ) ? $_SERVER['HTTP_HOST'] : 'CLI';
  12. $request_type = array_key_exists( 'REQUEST_METHOD', $_SERVER ) ? $_SERVER['REQUEST_METHOD'] : 'CLI';
  13. $call_to      = array_key_exists( 'REQUEST_URI', $_SERVER ) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME'];
  14. $post         = [];
  15.  
  16. if ( $request_type == 'POST' &&
  17.      in_array( $http_host, [
  18.          'www.domain.com',
  19.          'domain.com'
  20.      ] ) && count( $_POST ) > 0 ) {
  21.  
  22.     // List of Post Keys that should NOT be logged, instead we just log how
  23.     // many characters are in the string for that value.
  24.     $keySkip = [
  25.         'password',
  26.         'pwd',
  27.         'creditcard',
  28.         'cardnumber'
  29.     ];
  30.  
  31.     foreach ( $_POST as $key => $val ) {
  32.         if ( in_array( $key, $keySkip ) ) {
  33.             $post[ $key ] = 'HIDDEN (' . strlen( $val ) . ' length)';
  34.         } else {
  35.             $post[ $key ] = $val;
  36.         }
  37.     }
  38.     unset( $keySkip, $key, $val );
  39.  
  40.     if ( ! file_exists( $log_files_to . $http_host ) ) {
  41.         mkdir( $log_files_to . $http_host );
  42.     }
  43.     $fp = fopen( $log_files_to . $http_host . '/' .
  44.                  date( 'Y-m-d H:i', time() - time() % ( 15 * 60 ) ) . '.log', 'a' );
  45.     fwrite( $fp, "===================================================\n" );
  46.     fwrite( $fp, date( 'Y-m-d @ H:i:s ' ) . " FROM: $ip_address VIA $request_type \n" );
  47.     fwrite( $fp, "TO: $call_to \n" );
  48.     fwrite( $fp, 'POST: ' . var_export( $post, true ) . "\n" );
  49.     fwrite( $fp, 'COOKIE: ' . var_export( $_COOKIE, true ) . "\n" );
  50.     fclose( $fp );
  51. }
  52.  
  53. // If you find you just want to shut down certain requests to keep WP from even firing,
  54. // You can use this block to give out just a plain Apache style 404 error message
  55. // you could probably do some other, but I like doing a 404, as then hopefully bot will think
  56. // the file isn't there anymore instead of a message saying "it is here, you are not allowed"
  57.  
  58. if ( $some_condition == $something_that_you_want_to_just_kill_request ) {
  59.     header( 'HTTP/1.0 404 Not Found' );
  60.     echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', PHP_EOL;
  61.     echo '<html lang="en"><head><title>404 Not Found</title></head>', PHP_EOL;
  62.     echo '<body>', PHP_EOL, '<h1>Not Found</h1>', PHP_EOL;
  63.     echo '<p>The requested URL ', htmlspecialchars( $_SERVER['SCRIPT_URL'] ), ' was not found on this server.</p>', PHP_EOL;
  64.     echo '<!-- Reason -->', PHP_EOL, '</body></html>', PHP_EOL;
  65.     exit;
  66. }
  67.  
  68. // Don't forget to unset any global scope vars here...
  69. unset(
  70.     $log_files_to,
  71.     $ip_address,
  72.     $http_host,
  73.     $request_type,
  74.     $call_to,
  75.     $post
  76. );
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top