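/**
 * Handle a failed MySQL query: log it to 202_mysql_errors, print a generic
 * error box and end the request.
 *
 * The failing SQL and the driver message are printed only when PHP's
 * display_errors setting is on, and are HTML-escaped. With it off the visitor
 * sees only the generic box. The original echoed both unconditionally and then
 * called die, which leaked query text to visitors and left the logging code
 * below unreachable.
 *
 * @param string $sql The statement that failed.
 * @return void Does not return; every path ends in die.
 */
function record_mysql_error($sql)
{
    global $server_row;

    // _mysql_query() is defined elsewhere. If it reports its own failures
    // through this function, a failing report INSERT would recurse, so a
    // second entry ends the request immediately.
    static $reporting = false;
    if ($reporting) {
        die;
    }
    $reporting = true;

    $clean['mysql_error_text'] = mysql_error();

    // Query text and driver errors expose table and column names, so show
    // them only where error display is enabled (development), and escape them
    // because $sql can carry request data.
    if (filter_var(ini_get('display_errors'), FILTER_VALIDATE_BOOLEAN)) {
        echo htmlspecialchars($sql, ENT_QUOTES) . '<br/><br/>'
            . htmlspecialchars($clean['mysql_error_text'], ENT_QUOTES) . '<br/><br/>';
        die;
    }

    // X-Forwarded-For is a client-supplied header; it is only trustworthy when
    // a proxy under your control overwrites it.
    $forwarded_for = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : null;
    $ip_id = INDEXES::get_ip_id($forwarded_for);
    $mysql['ip_id'] = mysql_real_escape_string($ip_id);

    $site_url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    $site_id = INDEXES::get_site_url_id($site_url);
    $mysql['site_id'] = mysql_real_escape_string($site_id);

    $session_user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : '';
    $mysql['user_id'] = mysql_real_escape_string(strip_tags($session_user_id));
    $mysql['mysql_error_text'] = mysql_real_escape_string($clean['mysql_error_text']);
    $mysql['mysql_error_sql'] = mysql_real_escape_string($sql);
    $mysql['mysql_error_time'] = time();

    $report_sql = "INSERT INTO 202_mysql_errors\n\t\t\t\t\t\t\t\tSET mysql_error_text='" . $mysql['mysql_error_text'] . "',\n\t\t\t\t\t\t\t\t\t\tmysql_error_sql='" . $mysql['mysql_error_sql'] . "',\n\t\t\t\t\t\t\t\t\t\tuser_id='" . $mysql['user_id'] . "',\n\t\t\t\t\t\t\t\t\t\tip_id='" . $mysql['ip_id'] . "',\n\t\t\t\t\t\t\t\t\t\tsite_id='" . $mysql['site_id'] . "',\n\t\t\t\t\t\t\t\t\t\tmysql_error_time='" . $mysql['mysql_error_time'] . "'";
    $report_query = _mysql_query($report_sql);

    // The administrator e-mail was already disabled in the original (the
    // send_email() call was commented out), so its unused message is no longer
    // built. NOTE(review): that message embedded serialize($_SERVER), which
    // includes cookies and authorization headers; leave it out if mail
    // notification is restored.

    // SERVER_ADMIN comes from server configuration; escape it anyway before
    // placing it in an attribute and in text.
    $admin = isset($_SERVER['SERVER_ADMIN']) ? htmlspecialchars($_SERVER['SERVER_ADMIN'], ENT_QUOTES) : '';

    // report error to user and end page
    ?>
    <div class="warning" style="margin: 40px auto; width: 450px;">
        <div>
            <h3>A database error has occured, the webmaster has been notified</h3>
            <p>If this error persists, you may email us directly: <?php printf('<a href="mailto:%s">%s</a>', $admin, $admin); ?> </p>
        </div>
    </div>
    <?php
    template_bottom($server_row);
    die;
}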
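/**
 * Record a login attempt in 202_users_log and, when the attempt succeeded,
 * update the user's last-login IP in 202_users.
 *
 * The listing read $mysql['user_name'], $mysql['user_pass'] and $error without
 * ever assigning them, so every attempt was stored as a success with an empty
 * user name. They are now optional parameters; calls with no arguments behave
 * as before. The two `user_pass` concatenations were masked in the listing
 * ('******') and are restored to the $mysql['user_pass'] form used by every
 * other column.
 *
 * @param string $user_name Login name that was submitted.
 * @param string $user_pass Password value the caller matches against
 *                          202_users.user_pass (presumably already hashed; confirm).
 * @param mixed  $error     Empty on success, otherwise the login error(s).
 * @return void
 */
public static function recordLogin($user_name = '', $user_pass = '', $error = array())
{
    $mysql['user_name'] = db::escape($user_name);
    $mysql['user_pass'] = db::escape($user_pass);

    // NOTE(review): the full $_SERVER and $_SESSION arrays are stored with
    // every attempt. They contain cookies and request headers, so the log
    // table needs the same access control as the session store.
    $mysql['login_server'] = db::escape(serialize($_SERVER));
    $mysql['login_session'] = db::escape(serialize(isset($_SESSION) ? $_SESSION : null));
    $mysql['login_error'] = db::escape(serialize($error));
    $mysql['ip_address'] = db::escape($_SERVER['REMOTE_ADDR']);
    $mysql['login_time'] = time();
    $mysql['login_success'] = $error ? 0 : 1;

    // NOTE(review): user_pass is written to the log for failed attempts too.
    // If the value is ever plaintext, or a near-miss of a real password, this
    // table becomes a credential store; consider dropping the column.
    $user_log_sql = "INSERT INTO 202_users_log
                     SET user_name='{$mysql['user_name']}',
                         user_pass='{$mysql['user_pass']}',
                         ip_address='{$mysql['ip_address']}',
                         login_time='{$mysql['login_time']}',
                         login_success = '{$mysql['login_success']}',
                         login_error='{$mysql['login_error']}',
                         login_server='{$mysql['login_server']}',
                         login_session='{$mysql['login_session']}'";
    $user_log_result = mysql_query($user_log_sql) or record_mysql_error($user_log_sql);

    if (!$error) {
        // X-Forwarded-For is client-supplied unless a trusted proxy overwrites
        // it. Fall back to the socket address when the header is absent, which
        // is also what the log row above records.
        $client_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR'])
            ? $_SERVER['HTTP_X_FORWARDED_FOR']
            : $_SERVER['REMOTE_ADDR'];
        $ip_id = INDEXES::get_ip_id($client_ip);
        $mysql['ip_id'] = mysql_real_escape_string($ip_id);

        // update this user's last login ip
        $user_sql = "UPDATE 202_users
                     SET    user_last_login_ip_id='{$mysql['ip_id']}'
                     WHERE  user_name='{$mysql['user_name']}'
                     AND    user_pass='{$mysql['user_pass']}'";
        $user_result = _mysql_query($user_sql);
    }
}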
$mysql['c3_id'] = $db->real_escape_string($c3_id); $c4 = $db->real_escape_string($_GET['c4']); $c4 = str_replace('%20', ' ', $c4); $c4_id = INDEXES::get_c4_id($db, $c4); $mysql['c4_id'] = $db->real_escape_string($c4_id); //$device_id = PLATFORMS::get_device_info($db); $device_id = PLATFORMS::get_device_info($db, $detect, $_GET['ua']); $mysql['platform_id'] = $db->real_escape_string($device_id['platform']); $mysql['browser_id'] = $db->real_escape_string($device_id['browser']); $mysql['device_id'] = $db->real_escape_string($device_id['device']); if ($device_id['type'] == '4') { $mysql['click_bot'] = '1'; } $mysql['click_in'] = 1; $mysql['click_out'] = 1; $ip_id = INDEXES::get_ip_id($db, $_SERVER['HTTP_X_FORWARDED_FOR']); $mysql['ip_id'] = $db->real_escape_string($ip_id); //before we finish filter this click $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; $user_id = $tracker_row['user_id']; //GEO Lookup $GeoData = getGeoData($ip_address); $country_id = INDEXES::get_country_id($db, $GeoData['country'], $GeoData['country_code']); $mysql['country_id'] = $db->real_escape_string($country_id); $region_id = INDEXES::get_region_id($db, $GeoData['region'], $mysql['country_id']); $mysql['region_id'] = $db->real_escape_string($region_id); $city_id = INDEXES::get_city_id($db, $GeoData['city'], $mysql['country_id']); $mysql['city_id'] = $db->real_escape_string($city_id); if ($user_row['maxmind_isp'] == '1') { $IspData = getIspData($ip_address); $isp_id = INDEXES::get_isp_id($db, $IspData);
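/**
 * Return a $_GET parameter as a string, or '' when it is missing or not a
 * string (for example `?c1[]=x`, which arrives as an array).
 *
 * @param string $name Parameter name.
 * @return string
 */
function _redirect_process_get($name)
{
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
}

/**
 * Pick the click's keyword from the request in the tracker's fixed priority order.
 *
 * @param string $keyword_type  "bidded" or "searched"; any other value yields ''.
 * @param array  $referer_query Query parameters parsed from the Referer URL.
 * @return string Raw, unescaped keyword. The caller must escape it before SQL use.
 */
function _redirect_process_pick_keyword($keyword_type, array $referer_query)
{
    // Each entry is array(source, key): 'get' reads $_GET, 'referer' reads the
    // Referer query string. Order matters: the first non-empty value wins.
    $candidates = array(
        'bidded' => array(
            array('get', 'OVKEY'),              // Yahoo
            array('get', 'utm_source'),
            array('get', 't202kw'),
            array('referer', 'p'),
            array('get', 'target_passthrough'), // mediatraffic
        ),
        'searched' => array(
            array('referer', 'q'),
            array('referer', 'p'),
            array('get', 'OVRAW'),              // Yahoo
            array('get', 'target_passthrough'), // mediatraffic
            array('get', 'keyword'),            // zango
            array('get', 'search_word'),        // eniro
            array('get', 'query'),              // naver
            array('get', 'encquery'),           // aol
            array('get', 'terms'),              // about.com
            array('get', 'rdata'),              // viola
            array('get', 'qs'),                 // virgilio
            array('get', 'wd'),                 // baidu
            array('get', 'text'),               // yandex
            array('get', 'szukaj'),             // wp.pl
            array('get', 'qt'),                 // O*net
            array('get', 'k'),                  // yam
            array('get', 'words'),              // Rambler
        ),
    );
    // Used as-is (even when empty) if no candidate matched.
    $fallbacks = array('bidded' => 'keyword', 'searched' => 't202kw');

    if (!is_string($keyword_type) || !isset($candidates[$keyword_type])) {
        return '';
    }

    foreach ($candidates[$keyword_type] as $candidate) {
        $pool = ($candidate[0] === 'get') ? $_GET : $referer_query;
        $key = $candidate[1];
        if (isset($pool[$key]) && is_string($pool[$key]) && $pool[$key]) {
            return $pool[$key];
        }
    }

    return _redirect_process_get($fallbacks[$keyword_type]);
}

/**
 * Record a rotator click in the 202_clicks* tables and return the URL the
 * visitor should be redirected to.
 *
 * Changes from the original: $ip_address and $user_id are escaped before they
 * reach the landing-page lookup SELECT (they were concatenated raw), the bare
 * constant in $_GET[lpr] is quoted, request parameters that arrive as arrays
 * are treated as empty, and columns that were read without ever being set now
 * default to ''.
 *
 * @param mysqli      $db           Connection used for escaping and queries.
 * @param array       $rule         Rotator rule row (aff_campaign_id, rule_id, urls, ...).
 * @param mixed       $ppc_account  PPC account id.
 * @param mixed       $cpc          Cost per click.
 * @param mixed       $rotator_id   Rotator id.
 * @param array       $GeoData      Keys country, country_code, region, city.
 * @param string      $ip_address   Visitor address as determined by the caller.
 * @param mixed       $user_id      Owner of the tracker.
 * @param mixed       $IspData      ISP lookup result, or null to skip it.
 * @param string      $keyword_type "bidded" or "searched".
 * @return string|null Cloaked URL when cloaking is on, otherwise the redirect URL.
 */
function redirect_process($db, $rule, $ppc_account, $cpc, $rotator_id, $GeoData, $ip_address, $user_id, $IspData, $keyword_type)
{
    // Columns the statements below read even when no branch assigns them.
    $mysql = array(
        'text_ad_id' => '',
        'isp_id' => '',
        'click_bot' => '',
        'click_id_public' => '',
    );
    $cloaking_on = false;
    $redirect_site_url = null;

    // NOTE(review): $click_id is passed to FILTER::startFilter() before either
    // branch below assigns it, and the lpr branch never assigns it at all, so
    // the filter, the public id and the placeholder replacement can see null.
    // Confirm the intended value.
    $click_id = null;

    // NOTE(review): $detect is not a parameter and is not declared global
    // here, so the original passed an undefined variable (null).
    $detect = null;

    $mysql['aff_campaign_id'] = $db->real_escape_string($rule['aff_campaign_id']);
    $mysql['click_payout'] = $db->real_escape_string($rule['aff_campaign_payout']);
    $mysql['rule_id'] = $db->real_escape_string($rule['rule_id']);
    $mysql['ppc_account'] = $db->real_escape_string($ppc_account);
    $mysql['cpc'] = $db->real_escape_string($cpc);
    $mysql['rotator_id'] = $db->real_escape_string($rotator_id);
    $mysql['user_id'] = $db->real_escape_string($user_id);
    $mysql['click_time'] = time();
    $mysql['click_alp'] = 0;
    $mysql['click_in'] = 1;
    $mysql['click_out'] = 1;

    // The Referer header is attacker-controlled; parse defensively.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    $referer_query = array();
    $referer_url_parsed = parse_url((string) $referer);
    if (is_array($referer_url_parsed) && isset($referer_url_parsed['query'])) {
        parse_str($referer_url_parsed['query'], $referer_query);
    }

    $keyword = $db->real_escape_string(_redirect_process_pick_keyword($keyword_type, $referer_query));
    $keyword = str_replace('%20', ' ', $keyword);
    $keyword_id = INDEXES::get_keyword_id($db, $keyword);
    $mysql['keyword_id'] = $db->real_escape_string($keyword_id);

    // c1..c4 tracking variables
    $c1 = str_replace('%20', ' ', $db->real_escape_string(_redirect_process_get('c1')));
    $mysql['c1_id'] = $db->real_escape_string(INDEXES::get_c1_id($db, $c1));
    $c2 = str_replace('%20', ' ', $db->real_escape_string(_redirect_process_get('c2')));
    $mysql['c2_id'] = $db->real_escape_string(INDEXES::get_c2_id($db, $c2));
    $c3 = str_replace('%20', ' ', $db->real_escape_string(_redirect_process_get('c3')));
    $mysql['c3_id'] = $db->real_escape_string(INDEXES::get_c3_id($db, $c3));
    $c4 = str_replace('%20', ' ', $db->real_escape_string(_redirect_process_get('c4')));
    $mysql['c4_id'] = $db->real_escape_string(INDEXES::get_c4_id($db, $c4));

    $device_id = PLATFORMS::get_device_info($db, $detect, isset($_GET['ua']) ? $_GET['ua'] : null);
    $mysql['platform_id'] = $db->real_escape_string($device_id['platform']);
    $mysql['browser_id'] = $db->real_escape_string($device_id['browser']);
    $mysql['device_id'] = $db->real_escape_string($device_id['device']);
    $is_bot = ($device_id['type'] == '4');
    if ($is_bot) {
        $mysql['click_bot'] = '1';
    }

    $ip_id = INDEXES::get_ip_id($db, $ip_address);
    $mysql['ip_id'] = $db->real_escape_string($ip_id);

    $country_id = INDEXES::get_country_id($db, $GeoData['country'], $GeoData['country_code']);
    $mysql['country_id'] = $db->real_escape_string($country_id);
    $region_id = INDEXES::get_region_id($db, $GeoData['region'], $mysql['country_id']);
    $mysql['region_id'] = $db->real_escape_string($region_id);
    $city_id = INDEXES::get_city_id($db, $GeoData['city'], $mysql['country_id']);
    $mysql['city_id'] = $db->real_escape_string($city_id);

    if ($IspData != null) {
        $isp_id = INDEXES::get_isp_id($db, $IspData);
        $mysql['isp_id'] = $db->real_escape_string($isp_id);
    }

    if ($is_bot) {
        $mysql['click_filtered'] = '1';
    } else {
        $click_filtered = FILTER::startFilter($db, $click_id, $ip_id, $ip_address, $user_id);
        $mysql['click_filtered'] = $db->real_escape_string($click_filtered);
    }

    if (isset($_GET['lpr']) && $_GET['lpr'] != '') {
        // $ip_address can originate from a request header (elsewhere on this
        // page it is read from X-Forwarded-For), so it must be escaped like
        // every other value that reaches SQL.
        $mysql['ip_address'] = $db->real_escape_string($ip_address);

        // NOTE(review): click_time >= '30' compares a Unix timestamp with 30
        // and is therefore always true; a recency window was probably intended.
        $click_sql1 = "SELECT    202_clicks.click_id,keyword,keyword_id
                       FROM      202_clicks
                       LEFT JOIN 202_clicks_advance USING (click_id)
                       LEFT JOIN 202_ips USING (ip_id)
                       LEFT JOIN 202_keywords USING (keyword_id)
                       WHERE     202_ips.ip_address='{$mysql['ip_address']}'
                       AND       202_clicks.user_id='{$mysql['user_id']}'
                       AND       202_clicks.click_time >= '30'
                       ORDER BY  202_clicks.click_id DESC
                       LIMIT     1";
        $click_result1 = $db->query($click_sql1) or record_mysql_error($db, $click_sql1);
        $click_row1 = $click_result1->fetch_assoc();
        if (!is_array($click_row1)) {
            // No earlier click for this visitor: keep the original outcome of
            // empty ids instead of indexing into null.
            $click_row1 = array('click_id' => '', 'keyword_id' => '');
        }

        $mysql['click_id'] = $db->real_escape_string($click_row1['click_id']);
        $mysql['keyword_id'] = $db->real_escape_string($click_row1['keyword_id']);
    } else {
        // reserve a new click id
        $click_sql = "INSERT INTO 202_clicks_counter SET click_id=DEFAULT";
        $click_result = $db->query($click_sql) or record_mysql_error($db, $click_sql);

        $click_id = $db->insert_id;
        $mysql['click_id'] = $db->real_escape_string($click_id);
    }

    // main click row
    $click_sql = "REPLACE INTO 202_clicks
                  SET click_id='{$mysql['click_id']}',
                      user_id = '{$mysql['user_id']}',
                      aff_campaign_id = '{$mysql['aff_campaign_id']}',
                      ppc_account_id = '{$mysql['ppc_account']}',
                      click_cpc = '{$mysql['cpc']}',
                      click_payout = '{$mysql['click_payout']}',
                      click_alp = '{$mysql['click_alp']}',
                      click_filtered = '{$mysql['click_filtered']}',
                      click_bot = '{$mysql['click_bot']}',
                      click_time = '{$mysql['click_time']}',
                      rotator_id = '{$mysql['rotator_id']}',
                      rule_id = '{$mysql['rule_id']}'";
    $click_result = $db->query($click_sql) or record_mysql_error($db, $click_sql);

    // spy row
    $click_sql = "REPLACE INTO 202_clicks_spy
                  SET click_id='{$mysql['click_id']}',
                      user_id = '{$mysql['user_id']}',
                      aff_campaign_id = '{$mysql['aff_campaign_id']}',
                      ppc_account_id = '{$mysql['ppc_account']}',
                      click_cpc = '{$mysql['cpc']}',
                      click_payout = '{$mysql['click_payout']}',
                      click_filtered = '{$mysql['click_filtered']}',
                      click_bot = '{$mysql['click_bot']}',
                      click_alp = '{$mysql['click_alp']}',
                      click_time = '{$mysql['click_time']}'";
    $click_result = $db->query($click_sql) or record_mysql_error($db, $click_sql);

    // advance row
    $click_sql = "REPLACE INTO 202_clicks_advance
                  SET click_id='{$mysql['click_id']}',
                      text_ad_id='{$mysql['text_ad_id']}',
                      keyword_id='{$mysql['keyword_id']}',
                      ip_id='{$mysql['ip_id']}',
                      country_id='{$mysql['country_id']}',
                      region_id='{$mysql['region_id']}',
                      isp_id='{$mysql['isp_id']}',
                      city_id='{$mysql['city_id']}',
                      platform_id='{$mysql['platform_id']}',
                      browser_id='{$mysql['browser_id']}',
                      device_id='{$mysql['device_id']}'";
    $click_result = $db->query($click_sql) or record_mysql_error($db, $click_sql);

    // tracking row
    $click_sql = "REPLACE INTO 202_clicks_tracking
                  SET click_id='{$mysql['click_id']}',
                      c1_id = '{$mysql['c1_id']}',
                      c2_id = '{$mysql['c2_id']}',
                      c3_id = '{$mysql['c3_id']}',
                      c4_id = '{$mysql['c4_id']}'";
    $click_result = $db->query($click_sql) or record_mysql_error($db, $click_sql);

    // cloaking
    if ($rule['aff_campaign_cloaking'] == 1) {
        $cloaking_on = true;
        $mysql['click_cloaking'] = 1;
        // The public id is the sequential click_id wrapped in two random
        // digits; it hides the raw id from casual view but is not a secret.
        $click_id_public = rand(1, 9) . $click_id . rand(1, 9);
        $mysql['click_id_public'] = $db->real_escape_string($click_id_public);
    } else {
        $mysql['click_cloaking'] = 0;
    }

    // record row
    $click_sql = "REPLACE INTO 202_clicks_record
                  SET click_id='{$mysql['click_id']}',
                      click_id_public='{$mysql['click_id_public']}',
                      click_cloaking='{$mysql['click_cloaking']}',
                      click_in='{$mysql['click_in']}',
                      click_out='{$mysql['click_out']}'";
    $click_result = $db->query($click_sql) or record_mysql_error($db, $click_sql);

    // Prefer the Referer's ?url= parameter (the real page behind an ad-network
    // frame) over the Referer itself.
    if (isset($referer_query['url']) && is_string($referer_query['url']) && $referer_query['url']) {
        $click_referer_site_url_id = INDEXES::get_site_url_id($db, $referer_query['url']);
    } else {
        $click_referer_site_url_id = INDEXES::get_site_url_id($db, $referer);
    }
    $mysql['click_referer_site_url_id'] = $db->real_escape_string($click_referer_site_url_id);

    $outbound_site_url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    $click_outbound_site_url_id = INDEXES::get_site_url_id($db, $outbound_site_url);
    $mysql['click_outbound_site_url_id'] = $db->real_escape_string($click_outbound_site_url_id);

    if ($cloaking_on) {
        $cloaking_site_url = 'http://' . $_SERVER['SERVER_NAME'] . '/tracking202/redirect/cl.php?pci=' . $click_id_public;
    }

    if ($rule['aff_campaign_id'] != null) {
        // rotate the urls
        $redirect_site_url = rotateTrackerUrl($db, $rule);
    } elseif ($rule['default_url'] != null) {
        $redirect_site_url = $rule['default_url'];
    } elseif ($rule['redirect_url'] != null) {
        $redirect_site_url = $rule['redirect_url'];
    }

    $redirect_site_url = replaceTrackerPlaceholders($db, $redirect_site_url, $click_id);
    $click_redirect_site_url_id = INDEXES::get_site_url_id($db, $redirect_site_url);
    $mysql['click_redirect_site_url_id'] = $db->real_escape_string($click_redirect_site_url_id);

    $click_sql = "REPLACE INTO 202_clicks_site
                  SET click_id='{$mysql['click_id']}',
                      click_referer_site_url_id='{$mysql['click_referer_site_url_id']}',
                      click_outbound_site_url_id='{$mysql['click_outbound_site_url_id']}',
                      click_redirect_site_url_id='{$mysql['click_redirect_site_url_id']}'";
    $click_result = $db->query($click_sql) or record_mysql_error($db, $click_sql);

    // Summary rows are keyed on noon of the current day. One time() sample is
    // used so the date parts cannot straddle midnight.
    $now = time();
    $click_time = mktime(12, 0, 0, date('n', $now), date('j', $now), date('Y', $now));
    $mysql['click_time'] = $db->real_escape_string($click_time);

    $check_sql = "SELECT *
                  FROM  202_summary_overview
                  WHERE user_id='{$mysql['user_id']}'
                  AND   aff_campaign_id='{$mysql['aff_campaign_id']}'
                  AND   ppc_account_id='{$mysql['ppc_account']}'
                  AND   click_time='{$mysql['click_time']}'";
    $check_result = $db->query($check_sql) or record_mysql_error($db, $check_sql);

    if ($check_result->num_rows == 0) {
        $insert_sql = "INSERT INTO 202_summary_overview
                       SET user_id='{$mysql['user_id']}',
                           aff_campaign_id='{$mysql['aff_campaign_id']}',
                           ppc_account_id='{$mysql['ppc_account']}',
                           click_time='{$mysql['click_time']}'";
        // Best effort, as in the original: a failure here is not reported.
        $insert_result = $db->query($insert_sql);
    }

    if ($rule['aff_campaign_id'] != null) {
        setClickIdCookie($mysql['click_id'], $rule['aff_campaign_id']);
    }

    // cloaked visitors go to the local /cl/ link, everyone else to the offer
    return $cloaking_on ? $cloaking_site_url : $redirect_site_url;
}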
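/**
 * Endpoint called by remote cloaker scripts: decide where the visitor described
 * in $_POST should be sent, record the click, print the URL (or '0') and exit.
 *
 * Reads $_POST['ip'], ['slug'], ['referer'], ['user_agent'] and ['query'].
 *
 * NOTE(review): the visitor's address, referer and user agent are taken from
 * the POST body and written over $_SERVER, and no check of who is calling is
 * visible in this method. Anyone who can reach the endpoint can record clicks
 * for arbitrary addresses, so confirm the route is authenticated or restricted
 * to the cloaker hosts.
 *
 * Changes from the original: the campaign is checked before its cloaker is
 * dereferenced, the posted IP is validated before the reverse DNS lookup, the
 * remote API call has timeouts and closes its handle, undecodable organization
 * data is tolerated, and values placed in the printed URL are URL-encoded.
 *
 * @return void Does not return; always ends in exit.
 */
public function cloakerAction()
{
    $ip = isset($_POST['ip']) ? $_POST['ip'] : '';
    $slug = isset($_POST['slug']) ? $_POST['slug'] : '';

    // Missing, non-string or malformed input fails the same way a missing
    // value did before. The IP is validated because it is passed to
    // gethostbyaddr() and ip2long() and stored as the click's address.
    if (!is_string($ip) || !is_string($slug) || !$slug || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        echo '0';
        exit;
    }

    $slug_sql = DB::quote($slug);
    $row = DB::getRow("select * from bt_u_campaigns camp left join bt_u_cloakers cloak on cloak.cloaker_id=camp.cloaker_id\nwhere ((cloak.slug > '' and concat('/',cloak.slug,'/',camp.slug)='" . $slug_sql . "')\nor (cloak.slug = '' and concat('/',camp.slug)='" . $slug_sql . "'))");

    $campaign = $row ? CampaignModel::model()->getRowFromPk($row['campaign_id']) : null;
    if (!$campaign) {
        echo '0';
        exit;
    }
    // Only safe to read once the campaign is known to exist.
    $cloaker = $campaign->cloaker;

    $ip_id = INDEXES::get_ip_id($ip);
    $referer = (isset($_POST['referer']) && is_string($_POST['referer'])) ? $_POST['referer'] : '';
    $user_agent = (isset($_POST['user_agent']) && is_string($_POST['user_agent'])) ? $_POST['user_agent'] : '';
    $hostname = gethostbyaddr($ip);

    // Downstream tracking code reads the visitor from the superglobals.
    $_SERVER['REMOTE_ADDR'] = $ip;
    $_SERVER['HTTP_REFERER'] = $referer;
    $_SERVER['HTTP_USER_AGENT'] = $user_agent;
    $_GET = array();
    parse_str((isset($_POST['query']) && is_string($_POST['query'])) ? $_POST['query'] : '', $_GET);

    // Cloaker options over the defaults; needed by both branches below.
    $opts = array();
    foreach ($cloaker->options as $opt) {
        $opts[$opt->name] = $opt->value;
    }
    $opts = array_merge(CloakerOptionModel::defaultOptions(), $opts);

    $paused_redir = false;

    if ($campaign->option('advanced_redirect_status')->value) {
        $num_prev_visits = ClickAdvancedModel::getNumPreviousClicks($campaign->id(), $ip_id);

        $ip_sql = DB::quote(ip2long($ip));
        $referer_sql = DB::quote($referer);
        $user_agent_sql = DB::quote($user_agent);
        $hostname_sql = DB::quote($hostname);
        $cloaker_id = DB::quote($cloaker->cloaker_id);

        // Local filters, first match wins: IP range, referer, hostname, user agent.
        $match = DB::getRow("select url from bt_u_cloaker_ips where cloaker_id='{$cloaker_id}' and ip_from <= '{$ip_sql}' and ip_to >= '{$ip_sql}'", null);
        if (!$match) {
            $match = DB::getRow("select url from bt_u_cloaker_referers where cloaker_id='{$cloaker_id}' and '{$referer_sql}' REGEXP referer", null);
        }
        if (!$match) {
            $match = DB::getRow("select url from bt_u_cloaker_hostnames where cloaker_id='{$cloaker_id}' and '{$hostname_sql}' REGEXP hostname", null);
        }
        if (!$match) {
            $match = DB::getRow("select url from bt_u_cloaker_user_agents where cloaker_id='{$cloaker_id}' and '{$user_agent_sql}' REGEXP user_agent", null);
        }

        /******** ORG CHECK ***********/
        // The remote service is always consulted, even after a local match.
        if (!isset($opts['organizations'])) {
            $opts['organizations'] = '[]';
        }
        $orgs_data = json_decode($opts['organizations']);
        if (!is_array($orgs_data)) {
            // Stored option was not a JSON list; treat it as "no organizations".
            $orgs_data = array();
        }
        $orgs = array();
        foreach ($orgs_data as $data) {
            if (is_array($data) && isset($data[0])) {
                $orgs[] = $data[0];
            }
        }

        $payload = array(
            'ip' => getArrayVar($_POST, 'ip'),
            'user_agent' => getArrayVar($_POST, 'user_agent'),
            'orgs' => implode(',', $orgs),
            'has_referer' => $_SERVER['HTTP_REFERER'] ? '1' : '0',
            'version' => '1.0',
        );
        $ch = curl_init(API_SERVER . '/check.php?' . http_build_query($payload));
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Bound the call so a slow API cannot hold every click request open.
        // The values are a reviewer's choice; tune them for the deployment.
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
        curl_setopt($ch, CURLOPT_TIMEOUT, 5);
        $ret = curl_exec($ch);
        curl_close($ch);

        // A failed request returns false, which compares equal to 0 here, so
        // an unreachable API is treated as "no organization matched".
        $org_url = '';
        if ($ret != 0) {
            foreach ($orgs_data as $data) {
                if (is_array($data) && isset($data[0]) && $data[0] == $ret) {
                    $org_url = isset($data[1]) ? $data[1] : '';
                }
            }
            if (!$org_url) {
                $org_url = $opts['exclude_url'];
            }
        }
        /****** END ORG CHECK *********/

        if (!$match) {
            // only use the org url if no local filter matched
            $url = $org_url;
        } else {
            $url = $match['url'] ? $match['url'] : $opts['exclude_url'];
        }

        // handle expiration first, then click frequency
        if (!$url && $campaign->option('adv_redir_clicks')->value < $opts['expiration']) {
            $is_cloaked = 1;
            $url = $opts['exclude_url'];
        } elseif (!$url && ($opts['clickfrequency'] && $num_prev_visits >= $opts['clickfrequency'])) {
            $is_cloaked = 1;
            $url = $opts['exclude_url'];
        } elseif (!$url) {
            // redirect to offer, no cloak
            $is_cloaked = 0;
            $url = '';
        } else {
            $is_cloaked = 1;
        }

        // Uptick click count, regardless of cloak status
        $clicks = $campaign->option('adv_redir_clicks');
        $clicks->value = $clicks->value + 1;
        $clicks->save();
    } else {
        // the adv. redirect is paused
        $is_cloaked = 0;
        $url = $opts['exclude_url'];
        $paused_redir = true;
    }

    // save click data, this will also set the clickid cookie
    $tracker_controller = new TrackerController();
    $url = $tracker_controller->saveData($campaign, $is_cloaked, $url);

    if (!$is_cloaked && !$paused_redir) {
        // Uncloaked visitors are sent through the tracking redirect.
        // NOTE(review): this relies on saveData() having placed the new click
        // id in $_COOKIE during this request; confirm against setClickIdCookie().
        $click_id = isset($_COOKIE['btclickid']) ? $_COOKIE['btclickid'] : '';
        $type = $campaign->option('redirect_method')->value;
        echo getBTUrl() . '/tracker/advRedirect/?click_id=' . rawurlencode($click_id) . '&t=' . rawurlencode($type);
    } else {
        echo $url;
    }
    exit;
}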
/**
 * Record a click for a campaign (click, advanced, site and passthrough rows),
 * set the click-id cookie and return the URL the visitor should be sent to.
 *
 * Reads $_SERVER['REMOTE_ADDR'], $_POST['referer'] and $_GET directly.
 *
 * @param object $campaign     Campaign model; type 2 is handled as a direct-link
 *                             campaign, type 1 as a landing-page campaign.
 * @param int    $cloaked      Stored as the click's `cloaked` flag.
 * @param string $outbound_url When non-empty, used instead of the offer or
 *                             landing-page URL.
 * @return mixed Result of appendQueryString() on the chosen URL and the
 *               passthrough query string.
 */
public function saveData($campaign, $cloaked = 0, $outbound_url = '')
{
    $offer_id = 0;
    $landing_page_id = 0;
    if ($campaign->type == 2) {
        $campoffer = rotateDirectCampaign($campaign);
        if (!$campoffer) {
            BTApp::log("Direct Link: Invalid Offers For Tracker: " . $campaign->id(), 'direct', BT_SYSLOG_CRITICAL);
        }
        // NOTE(review): $campoffer is dereferenced even when the check above
        // failed, unless BTApp::log() stops the request for BT_SYSLOG_CRITICAL
        // (not visible here).
        $payout = $campoffer->offer->payout;
        $offer_id = $campoffer->offer->id();
    } else {
        if ($campaign->type == 1) {
            $camplp = rotateLPCampaign($campaign);
            $payout = 0;
            $landing_page = $camplp->landing_page;
            // NOTE(review): id() is called before the !$landing_page check
            // below, so a missing landing page fails here first.
            $landing_page_id = $landing_page->id();
            if (!$landing_page) {
                BTApp::log("Landing Page: Invalid Landing Page ID: " . $landing_page_id . " For Tracker: " . $campaign->id(), 'direct', BT_SYSLOG_CRITICAL);
            }
        }
    }
    // NOTE(review): for any other campaign type $payout is never assigned,
    // yet it is read below.

    // The cloaker endpoint on this page overwrites REMOTE_ADDR with a POSTed
    // value before calling a saveData() method, so this address may be
    // caller-supplied rather than the socket peer.
    $ip_id = INDEXES::get_ip_id($_SERVER['REMOTE_ADDR']);

    // Main click row.
    $click = new ClickModel();
    $click->offer_id = $offer_id;
    $click->landing_page_id = $landing_page_id;
    $click->traffic_source_id = $campaign->traffic_source_id;
    $click->payout = $payout;
    $click->filtered = FILTER::startFilter($ip_id);
    $click->user_id = $campaign->user_id;
    $click->cloaked = $cloaked;
    $click->campaign_id = $campaign->id();
    $click->useRuleSet("track");
    $click->save();
    $vars = saveTrackingVariables($campaign);
    //if behind cloaker scripts, we use $_POST. Otherwise (normally) use HTTP_REFERER
    // Either way the referer is client-supplied text; it is stored below as-is.
    $referer = isset($_POST['referer']) ? $_POST['referer'] : getArrayVar($_SERVER, 'HTTP_REFERER');

    // Keyword: the campaign's configured parameter first, then 'kw', then 'keyword'.
    $keyword = getArrayVar($_GET, $campaign->option('var_kw')->value);
    if (!$keyword) {
        $keyword = getArrayVar($_GET, 'kw');
        if (!$keyword) {
            $keyword = getArrayVar($_GET, 'keyword');
        }
    }
    $keyword_id = INDEXES::get_keyword_id($keyword);
    $platform = INDEXES::get_platform_and_browser_id();
    $organization_id = 0;
    $geo_block_id = 0;
    $device_id = 0;
    // The include runs in this method's variable scope, so it can read and
    // overwrite the locals here. Presumably it fills the three ids initialised
    // just above; verify against the included file. Renaming locals in this
    // method would silently break that coupling.
    require BT_ROOT . '/private/includes/traffic/devices_detect_inc.php';

    // Advanced click row.
    $adv = new ClickAdvancedModel();
    $adv->click_id = $click->id();
    $adv->keyword_id = $keyword_id;
    $adv->ip_id = $ip_id;
    $adv->platform_id = $platform['platform'];
    $adv->browser_id = $platform['browser'];
    $adv->org_id = $organization_id;
    $adv->device_id = $device_id;
    $adv->v1_id = $vars['v1_id'];
    $adv->v2_id = $vars['v2_id'];
    $adv->v3_id = $vars['v3_id'];
    $adv->v4_id = $vars['v4_id'];
    $adv->location_id = $geo_block_id;
    $adv->campaign_id = $campaign->id();
    $adv->useRuleSet('track');
    $adv->save();

    // Values handed to the placeholder replacement; the click id is exposed
    // in base 36.
    $data = $vars;
    $data['keyword'] = $keyword;
    $data['clickid'] = base_convert($click->click_id, 10, 36);
    if ($offer_id) {
        if ($outbound_url) {
            $redirect_url = $outbound_url;
        } else {
            $redirect_url = $campoffer->offer->url;
            $redirect_url = replaceTrackerPlaceholders($redirect_url, $data);
        }
        $landing_url = '';
    } else {
        $redirect_url = '';
        if ($outbound_url) {
            $landing_url = $outbound_url;
        } else {
            // NOTE(review): $landing_page exists only when the type == 1
            // branch ran.
            $landing_url = $landing_page->url;
        }
    }
    //set the cookie
    setClickIdCookie(base_convert($click->click_id, 10, 36));

    // Site row: referer plus the chosen offer / landing URL.
    $site = new ClickSiteModel();
    $site->click_id = $click->id();
    $site->referer_url = $referer;
    $site->referer_domain = getUrlDomain($referer);
    $site->offer_url = $redirect_url;
    $site->landing_url = $landing_url;
    $site->useRuleSet('track');
    $site->save();
    $pass_vars = array();
    $to_append = '';
    if ($landing_page_id) {
        $type = 'lp';
    } else {
        $type = 'offer';
    }
    // Every campaign option named pass_<name> stores the request's <name>
    // parameter as a passthrough row.
    foreach ($campaign->options as $option) {
        if (strpos($option->name, 'pass_') === 0) {
            $var_name = substr($option->name, 5);
            $val = getArrayVar($_GET, $var_name, '');
            $pass = new ClickPassthroughModel();
            $pass->click_id = $click->click_id;
            $pass->name = $var_name;
            $pass->value = $val;
            $pass->useRuleSet('track');
            $pass->save();
            $pass_vars[$var_name] = $pass;
        }
    }
    // http_build_query() URL-encodes the passthrough values before they are
    // appended to the outgoing URL.
    $to_append = http_build_query($this->getPassthroughsToAppend($campaign, $pass_vars, $type));
    if ($offer_id) {
        //direct
        return appendQueryString($redirect_url, $to_append);
    } else {
        //lp
        return appendQueryString($landing_url, $to_append);
    }
}
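/**
 * Logs user in and sets user auth cookie. Every attempt, successful or not,
 * is written to bt_s_authsessions.
 *
 * Changes from the original: the session key comes from a cryptographic
 * random source (it was derived from rand(0, 100000) and the user id, leaving
 * about 100,000 possible keys per user), password hashes are compared as
 * strings in constant time where available instead of with `==`, and a missing
 * User-Agent header no longer raises a notice.
 *
 * @param string $name username
 * @param string $plain_pass Plain text password
 * @return int 1 on success, 0 on failure
 */
public static function log_in($name, $plain_pass)
{
    $success = 0;
    $message = '';
    $user = UserModel::userWithName($name);

    if (!$user) {
        $message = "Invalid username";
    } else {
        if ($user->get('pass_salt')) {
            // using new style
            $pass = UserModel::saltPassword($plain_pass, $user->get('pass_salt'));
        } else {
            // old style
            $pass = BTAuth::salt_pass($plain_pass);
        }

        // Loose == treats hashes such as "0e123" and "0e456" as equal numbers.
        // Compare as strings, and never accept an empty hash on either side.
        $stored = (string) $user->get('pass');
        $computed = (string) $pass;
        if ($stored === '' || $computed === '') {
            $matches = false;
        } elseif (function_exists('hash_equals')) {
            $matches = hash_equals($stored, $computed);
        } else {
            $matches = ($stored === $computed);
        }

        if ($matches) {
            $success = 1;
        } else {
            $message = 'Incorrect password';
        }
    }

    // The key is the bearer secret in the auth cookie, so it must be
    // unpredictable. 20 random bytes keep the 40-hex-character length the
    // sha1-based key had.
    $key = '';
    if ($success) {
        try {
            if (function_exists('random_bytes')) {
                $key = bin2hex(random_bytes(20));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $key = bin2hex((string) openssl_random_pseudo_bytes(20));
            }
        } catch (Exception $e) {
            $key = '';
        }
        if (strlen($key) !== 40) {
            // Fail closed rather than issue a guessable session.
            $success = 0;
            $key = '';
            $message = 'Could not generate session key';
        }
    }

    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $now = time();
    $time_format = DB::quote(date('Y-m-d H:i:s', $now));
    $ip_id = DB::quote(INDEXES::get_ip_id($_SERVER['REMOTE_ADDR']));
    $meta = DB::quote(json_encode(array('user_agent' => $user_agent, 'user_name' => $name, 'message' => $message)));

    if ($success) {
        if (!$user->get('pass_salt')) {
            // still using old hashing, time to upgrade
            // NOTE(review): presumably the model salts and hashes `pass` on
            // save(); if it does not, this stores the plaintext. Confirm.
            $user->pass = $plain_pass;
            $user->save();
        }

        $fingerprint = DB::quote(sha1($user_agent . $_SERVER['REMOTE_ADDR'] . $key));
        $expire = $now + AUTH_SESSION_LENGTH * 60;
        $cookie = join('|', array($key, $user->get('user_id')));
        $expire_format = DB::quote(date('Y-m-d H:i:s', $expire));
        $user_id = DB::quote($user->get('user_id'));
        $key_sql = DB::quote($key);
    } else {
        // Failed attempts are logged as already-expired rows with no key.
        $fingerprint = '';
        $expire_format = $time_format;
        $user_id = $user ? DB::quote($user->id()) : 0;
        $key_sql = '';
    }

    DB::query("insert into bt_s_authsessions set `time`='{$time_format}', `expire`='{$expire_format}', `user_id`='{$user_id}', `key`='{$key_sql}', `fingerprint`='{$fingerprint}',\n\t\t\t\tip_id='{$ip_id}', `success`='{$success}', `meta`='{$meta}'");

    if ($success) {
        self::set_auth_cookie($cookie, $expire);
        self::$_authUserId = $user->get('user_id');
        self::$expire = $expire_format;
    }

    return $success;
}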