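/**
 * Records one visit to a test case page and prints the running visit count.
 *
 * The visit is tracked in $_SESSION['scan']['pageVisits'][$testcase], the scan
 * is persisted through saveScan(), and when DATASTORE is 'db' the visit is
 * also upserted into the pageVisits table.
 *
 * The User-Agent header is client-controlled and the visit record keeps it
 * unmodified, so it is escaped here for SQL and must be escaped again by
 * whatever code later prints it.
 *
 * @param string $testcase Test case name; when empty it is derived from the
 *                         running script's file name. 'index' and '404' are
 *                         never recorded.
 * @param string $record   Optional record identifier; '/', '\' and '.' are
 *                         stripped from it.
 *
 * @return void
 */
function recordVisit($testcase = '', $record = '')
{
    global $db;

    if (empty($testcase)) {
        // Use the script's file name minus its last four characters (the ".php" suffix).
        $phpbasename = basename($_SERVER['SCRIPT_NAME']);
        $testcase = substr($phpbasename, 0, strlen($phpbasename) - 4);
    }

    // The landing page and the 404 handler are not test cases.
    if (in_array((string) $testcase, array('index', '404'), true)) {
        return;
    }

    if ($record == '') {
        $record = $_SESSION['scan']['record'];
    } else {
        // Drop path separators and dots so the value cannot name another path.
        $record = str_replace(array('/', '\\', '.'), '', $record);
    }
    // NOTE(review): $record is not read again below; the query uses
    // $_SESSION['scan']['record'] -- confirm which one is intended.

    $secreturi = CHEATPROOF ? $_SESSION['testcases'][$testcase] : 'NA';

    if (!isset($_SESSION['scan']['pageVisits'][$testcase])) {
        // First visit: create the record. A client may omit the User-Agent
        // header, so fall back to an empty string instead of an undefined index.
        $now = time();
        $_SESSION['scan']['pageVisits'][$testcase] = array(
            "testcase" => $testcase,
            "secreturi" => $secreturi,
            "noofaccess" => 1,
            "timefirstaccess" => $now,
            "timelastaccess" => $now,
            "useragent" => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
            "ipaddress" => $_SERVER['REMOTE_ADDR'],
        );
    } else {
        $_SESSION['scan']['pageVisits'][$testcase]["noofaccess"]++;
        $_SESSION['scan']['pageVisits'][$testcase]["timelastaccess"] = time();
    }

    // The scan is persisted whichever datastore is configured.
    saveScan($_SESSION['scan']);

    if (DATASTORE == 'db') {
        $visit = $_SESSION['scan']['pageVisits'][$testcase];

        // String values are escaped against the live connection so the
        // connection character set is taken into account. Numeric values sit
        // outside quotes in the statement, where escaping alone does not
        // constrain them, so they are cast to int instead.
        $sql = "INSERT INTO pageVisits"
            . " (record, testcase, secreturi, noofaccess, timefirstaccess, timelastaccess, useragent, ipaddress)"
            . " VALUES "
            . " ('" . mysql_real_escape_string($_SESSION['scan']['record'], $db)
            . "','" . mysql_real_escape_string($visit['testcase'], $db)
            . "','" . mysql_real_escape_string($visit['secreturi'], $db)
            . "'," . (int) $visit['noofaccess']
            . "," . (int) $visit['timefirstaccess']
            . "," . (int) $visit['timelastaccess']
            . ",'" . mysql_real_escape_string($visit['useragent'], $db)
            . "','" . mysql_real_escape_string($visit['ipaddress'], $db)
            . "')"
            . " ON DUPLICATE KEY"
            . " UPDATE noofaccess=noofaccess+1, timelastaccess = " . (int) $visit['timelastaccess']
            . ", useragent = '" . mysql_real_escape_string($visit['useragent'], $db) . "'";

        // Recording stays best-effort: a failed write is logged, not fatal.
        if (mysql_query($sql, $db) === false) {
            error_log('recordVisit: pageVisits write failed: ' . mysql_error($db));
        }
    }

    echo ' You have reached Test Case ' . htmlentities($testcase) . ' for the '
        . ordinal_num($_SESSION['scan']['pageVisits'][$testcase]['noofaccess']) . " time!<br/>\n";
}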
<?php
// Shows the statistics page for the scan held in the current session.
require_once '../genclude.php';

// Persist the scan first when the session holds no page visits yet.
if (!isset($_SESSION['scan']['pageVisits']) || !$_SESSION['scan']['pageVisits']) {
    saveScan($_SESSION['scan']);
}

// Any id supplied in the query string is overwritten with the session's own
// record before the include. Presumably statistics.php reads $_GET['id'] and
// $showbacklink -- confirm against that file.
$showbacklink = false;
$_GET['id'] = $_SESSION['scan']['record'];

include 'statistics.php';
exit();