Hi Leutz!
Also ich habe mit PHPkit eine Website eingerichtet! Soweit so gut.
Aber: Wenn man die Seite öffnet kommen 2 Fehler (ist eigentlich ein Fehler der zweimal angezeigt wird!); Fehler: "SecureSSI: Das Script (/usr/export/www/vhosts/funnetwork/hosting/excubitorluminis/index.php) hat versucht ausserhalb von ihrem Userverzeichniss auf die Datei / zuzugreifen.
Dies ist nicht erlaubt!"
Sonst geht alles aber dieser Fehler nervt...
Natürlich habe ich auch "Forschungen" angestellt aber nur herausgefunden das dafür diese Datei verantwortlich ist:
PHP
<?php
##################################################################
# #
# #
# PHPKIT #
# -------------------------------------------- #
# Copyright (c) 2002-2003 Gersöne & Schott GbR #
# #
# #
# ############################################################## #
# #
# Diese Datei / die PHPKIT-Software ist keine Freeware! #
# Für weitere Information besuchen Sie bitte unsere Webseite #
# oder kontaktieren uns per E-Mail: #
# #
# This file / the PHPKIT-software is not freeware! #
# For further informations please vistit our website #
# or contact us via email: #
# #
# Website: http://www.phpkit.de #
# Email: [email]info@phpkit.de[/email] #
# #
# ############################################################## #
# #
# File: /include.php #
# Author: Pierre Gersöne #
# Created: Version 1.6.1 - 2004-05-09 #
# Last Modified: Version 1.6.1 - 2004-13-09 #
# Description: not available for this file #
# #
# ############################################################## #
# #
# SIE SIND NICHT BERECHTIGT, UNRECHTMÄSSIGE KOPIEN DIESER #
# DATEI ZU ERSTELLEN UND/ODER DIESE INFORMATIONEN ZU ENTFERNEN #
# #
# YOU ARE NOT AUTHORISED TO CREATE ILLEGAL COPIES OF THIS #
# FILE AND/OR TO REMOVE THIS INFORMATIONS #
# #
##################################################################
if(defined('pkDIRROOT'))
return false;
if(!defined('pkFRONTEND'))
{
define('pkFRONTEND','public');
define('pkREQUESTEDFILE',basename(__FILE__));
}
# start config
@error_reporting(7);
#error_reporting(E_ALL);
// set some constants
define('pkMICROTIME',microtime());
define('pkTIME',time());
define('pkTIMETODAY',mktime(0,0,0,date('m',pkTIME),date('d',pkTIME),date('Y',pkTIME)));
define('pkEXT','.php'); // standard file extension
// define serval needed directories-paths
define('pkDIRROOT',dirname(__FILE__).'/'); // root-directory for internal use (f.e. include)
define('pkDIRINC',pkDIRROOT.'inc/'); // base source directory
define('pkDIRADMIN',pkDIRINC.'admin/'); // source directory - admin scripts
define('pkDIRCLASS',pkDIRINC.'class/'); // source directory - classes
define('pkDIRFUNC',pkDIRINC.'func/'); // source directory - functions
define('pkDIRLANG',pkDIRINC.'lang/'); // source directory - language packs
define('pkDIRPUBLIC',pkDIRINC.'public/'); // source directory - public scripts
define('pkWWWROOT',pkFRONTEND=='public' ? './' : './../'); // web-root for use in links
define('pkWWWSELF',basename(__FILE__));
if(!@include_once(pkDIRROOT.'admin/config/inc.sql.php'))
{
header('Location: '.pkWWWROOT.'install'.pkEXT);
exit;
}
require_once(pkDIRROOT.'admin/config/inc.dbtabs.php');
require_once(pkDIRFUNC.'default'.pkEXT);
require_once(pkDIRROOT.'admin/lib/lib_access'.pkEXT);
require_once(pkDIRROOT.'admin/lib/lib_parse'.pkEXT);
require_once(pkDIRROOT.'admin/lib/lib_forum'.pkEXT);
if(str_replace(".","",phpversion())<410)
getpost410vars();
if(get_magic_quotes_gpc()) {
if(is_array($_REQUEST))
$_REQUEST=stripslashes_array($_REQUEST);
if(is_array($_POST))
$_POST=stripslashes_array($_POST);
if(is_array($_GET))
$_GET=stripslashes_array($_GET);
if(is_array($_COOKIE))
$_COOKIE=stripslashes_array($_COOKIE);
@set_magic_quotes_runtime(0);
}
@ini_set("session.use_cookies","1");
pkLoadClass($ENV,'env');
pkLoadClass($SQL,'sql');
pkLoadClass($SESSION,'session');
if(!$SQL->connect()) {
header('Location: '.pkWWWROOT.'info.php?error=1');
exit();
}
$DB=&$SQL;
if(!$config=$DB->fetch_assoc($DB->query("SELECT * FROM ".$db_tab['config']." WHERE profil_active=1 LIMIT 1")))
{
header('Location: '.pkWWWROOT.'info.php');
exit();
}
$lang=array();
$LANG=&$lang;
pkLoadLang();
$PARSE=new PARSE();
$FORUM=new FORUM();
//Konfigurationswerte zur Erprobung noch nicht über Adminbereich einstellbar
$config['cookie_path']='/';
$config['cookie_domain']='';
$config['cookie_secure']=0;
$config['smilie_dir']='images/smilies';
$config['image_archive']='content/images';
$config['time_offset']=0; // ausgleich kleinerer Serverzeitabweichung in Sekunden
$config['move_logout']="path=start.php"; // Weiterleitung nach dem Logout
$config['move_login']="path=start.php"; // Weiterleitung nach dem Login falls keine Rückleitung vorhanden
$config['im_max']='50';
$config['forum_threadtitle_cut']=25;
$config['forum_threadautor_cut']=10;
$config['username_cut']=18;
$config['sidelinkfull_pages']=3;
//---Community
$config['nb_community_box']=2; //1=classic, 2=login-form
//---Forenticker
$config['nb_newthreads_scut']=0; //stringcut
$config['nb_newthreads_break']=5; //anzahl
//---Neue Forenthemen
$config['nb_curthreads_scut']=0; //stringcut
$config['nb_curthreads_break']=5; //anzahl
//---Zufallsartikel
$config['nb_randarticle_cur']=150; //Text kürzen
//---Zufallsartikel
$config['nb_newarticle_cur']=150; //Text kürzen
$config['template_dir']='templates';
$config['imagedir']='images';
//####################################################
unset($ADMINACCESS);
$event=NULL;
$USER=array();
$thisUSER=array();
$thisUSER['ipaddr']=getenv('REMOTE_ADDR');
$thisUSER['browser']=getenv('HTTP_USER_AGENT');
$thisUSER['referer']=getenv('HTTP_REFERER');
$session_expire=1800;
$time_guest=3600*24*30;
$time_now=pkTIME;
$guest_expire=$cookie_expire=pkTIME+$time_guest;
$expire=pkTIME+$session_expire;
$record_expire=pkTIME-(3600*$config['referer_delete']*7);
$present_time=formattime('','','extend');
$current_url=preg_replace('/[&|?]'.session_name().'=[^&]*/',"",preg_replace('/[&|?]nid=[^&]*/',"",getenv('REQUEST_URI')));
$current_path=preg_replace('/[&|?]'.session_name().'=[^&]*/',"",preg_replace('/[&|?]nid=[^&]*/',"",getenv('QUERY_STRING')));
if(!ipcheck($thisUSER['ipaddr']))
{
header('Location: '.pkWWWROOT.'info.php?error=3');
exit;
}
session_name("PHPKITSID");
$dounset=false;
$DB->query("DELETE FROM ".$db_tab['session']." WHERE session_expire<'".pkTIME."'");
if(isset($_REQUEST['PHPKITSID']))
$session=$DB->fetch_array($DB->query("SELECT session_id, session_userid FROM ".$db_tab['session']." WHERE session_id='".$_REQUEST['PHPKITSID']."' LIMIT 1"));
else
$session=array('session_id'=>0);
if(strlen($session['session_id'])=='32')
{
session_id($session['session_id']);
session_start();
session_getvars();
if($USER['status']=='ban')
{
header('Location: '.pkWWWROOT.'info.php?error=3');
exit();
}
if($_REQUEST['firstlog']==1 || $_REQUEST['relog']==1)
$dounset=true;
elseif($USER['sip']==$thisUSER['ipaddr'])
{
if(($USER['status']=='admin' || $USER['status']=='mod' || $USER['status']=='member' || $USER['status']=='user') && $session['session_userid']>0)
{
$userinfo=$DB->fetch_array($DB->query("SELECT user_status FROM ".$db_tab['user']." WHERE user_name='".$USER['name']."' AND user_pw='".$USER['pass']."' AND user_id='".$session['session_userid']."' LIMIT 1"));
if($userinfo['user_status']==$USER['status'])
$DB->query("UPDATE ".$db_tab['user']." SET logtime='".pkTIME."' WHERE user_name='".$USER['name']."' AND user_pw='".$USER['pass']."' AND user_id=".$session['session_userid']);
else
$dounset=true;
}
elseif($USER['status']=='guest')
{
if($USER['sip']!=$thisUSER['ipaddr'])
$dounset=true;
}
else
$dounset=true;
}
else
$dounset=true;
if($dounset || $_REQUEST['logout']==1 || $_REQUEST['login']==1)
{
if(session_is_registered("USER"))
{
session_unregister("USER");
session_unset();
@session_destroy();
}
$USER=array();
phpkitcookie("PHPKITSID");
phpkitcookie("user_id");
phpkitcookie("user_name");
phpkitcookie("user_pw");
$DB->query("DELETE FROM ".$db_tab['session']." WHERE session_id='".$session['session_id']."' LIMIT 1");
}
else {
$DB->query("UPDATE ".$db_tab['session']." SET session_expire='".$expire."', session_url='".$current_url."' WHERE session_id='".$session['session_id']."'");
$PHPKITSID=$_REQUEST['PHPKITSID']=session_id();
}
}
if(!session_is_registered("USER") || isset($_REQUEST['login']) || isset($_REQUEST['logout']) || isset($_REQUEST['firstlog']) || isset($_REQUEST['relog']) || $dounset)
{
$error=0;
if($_REQUEST['relog']==1)
{
if($userinfo=$DB->fetch_array($DB->query("SELECT user_pw FROM ".$db_tab['user']." WHERE user_name='".urldecode($_REQUEST['user'])."' AND uid='".$_REQUEST['uid']."' LIMIT 1")))
$_REQUEST['login']=1;
else
$error=3;
}
if(isset($_REQUEST['login']) || isset($_REQUEST['firstlog']))
{
if(trim($_REQUEST['user'])!='')
{
if(isset($_GET['firstlog']) || isset($_GET['relog']))
$username=urldecode($_GET['user']);
else
$username=$_REQUEST['user'];
if(isset($_GET['relog']))
$userpass=$userinfo['user_pw'];
elseif(trim($_REQUEST['userpw'])!='')
$userpass=md5($_REQUEST['userpw']);
else
$error=2;
}
else
$error=1;
if($error)
{
header('Location: include.php?path=login/login.php&error='.$error.'&PHPKITSID='.session_id());
exit();
}
}
else
{
if(isset($_COOKIE['user_id']))
$userid=intval($_COOKIE['user_id']);
else
$userid=0;
if(isset($_COOKIE['user_name']))
$username=$_COOKIE['user_name'];
else
$username=NULL;
if(isset($_COOKIE['user_pw']))
$userpass=$_COOKIE['user_pw'];
else
$userpass=NULL;
if($userid && $username && $userpass)
$_REQUEST['login_setcookie']=1;
}
$userinfo=array();
if($userid>0 || isset($_REQUEST['login']) || isset($_REQUEST['firstlog']))
{
$userinfo=$DB->fetch_array($DB->query("SELECT * FROM ".$db_tab['user']." WHERE user_name='".$username."' AND user_pw='".$userpass."' LIMIT 1"));
if($userinfo['user_name']!=$username || $userinfo['user_pw']!=$userpass)
{
if(isset($_REQUEST['login']) || isset($_REQUEST['firstlog']))
{
header('Location: '.pkWWWROOT.'include.php?path=login/login.php&error=3&PHPKITSID='.session_id());
exit;
}
unset($userinfo);
}
elseif($userinfo['user_activate']!=1 && $userinfo['user_status']!='admin' && $_REQUEST['event']!=30)
{
header ('Location: '.pkWWWROOT.'include.php?event=27');
exit;
}
}
if(empty($userinfo) || isset($_REQUEST['logout']))
{
srand((double)microtime()*1000000);
$guest_uid=md5(uniqid(rand()));
$userinfo=array();
$userinfo['user_status']='guest';
$userinfo['user_id']='0';
$userinfo['user_name']=$lang['guest_status'];
$userinfo['user_nick']=$lang['guest_status'];
$userinfo['user_pw']=$guest_uid;
$userinfo['user_groupid']=0;
$userinfo['user_email']='';
$userinfo['user_sex']='';
$userinfo['user_hpage']='';
$userinfo['user_icqid']='';
$userinfo['user_design']=0;
$userinfo['user_imoption']=0;
}
srand((double)microtime()*1000000);
$sid=md5(uniqid(rand()));
if(session_is_registered("USER"))
{
session_unregister("USER");
session_unset();
@session_destroy();
}
if($config['user_ghost']!=1)
$userinfo['user_ghost']=0;
session_id($sid);
session_start();
session_register("USER");
$HTTP_SESSION_VARS['USER']['sip']=$_SESSION['USER']['sip']=$USER['sip']=$thisUSER['ipaddr'];
$HTTP_SESSION_VARS['USER']['sbrowser']=$_SESSION['USER']['sbrowser']=$USER['sbrowser']=$thisUSER['browser'];
$HTTP_SESSION_VARS['USER']['status']=$_SESSION['USER']['status']=$USER['status']=$userinfo['user_status'];
$HTTP_SESSION_VARS['USER']['id']=$_SESSION['USER']['id']=$USER['id']=$userinfo['user_id'];
$HTTP_SESSION_VARS['USER']['name']=$_SESSION['USER']['name']=$USER['name']=$userinfo['user_name'];
$HTTP_SESSION_VARS['USER']['nick']=$_SESSION['USER']['nick']=$USER['nick']=$userinfo['user_nick'];
$HTTP_SESSION_VARS['USER']['pass']=$_SESSION['USER']['pass']=$USER['pass']=$userinfo['user_pw'];
$HTTP_SESSION_VARS['USER']['group']=$_SESSION['USER']['group']=$USER['group']=$userinfo['user_groupid'];
$HTTP_SESSION_VARS['USER']['email']=$_SESSION['USER']['email']=$USER['email']=$userinfo['user_email'];
$HTTP_SESSION_VARS['USER']['sex']=$_SESSION['USER']['sex']=$USER['sex']=$userinfo['user_sex'];
$HTTP_SESSION_VARS['USER']['hpage']=$_SESSION['USER']['hpage']=$USER['hpage']=$userinfo['user_hpage'];
$HTTP_SESSION_VARS['USER']['icqid']=$_SESSION['USER']['icqid']=$USER['icqid']=$userinfo['user_icqid'];
$HTTP_SESSION_VARS['USER']['design']=$_SESSION['USER']['design']=$USER['design']=$userinfo['user_design'];
$HTTP_SESSION_VARS['USER']['sigoption']=$_SESSION['USER']['sigoption']=$USER['sigoption']=$userinfo['user_sigoption'];
$HTTP_SESSION_VARS['USER']['lastlog']=$_SESSION['USER']['lastlog']=$USER['lastlog']=$userinfo['lastlog'];
$HTTP_SESSION_VARS['USER']['imoption']=$_SESSION['USER']['imoption']=$USER['imoption']=$userinfo['user_imoption'];
if($userinfo['sid']!='')
$HTTP_SESSION_VARS['USER']['logtime']=$_SESSION['USER']['logtime']=$USER['logtime']=$userinfo['logtime'];
else
$HTTP_SESSION_VARS['USER']['logtime']=$_SESSION['USER']['logtime']=$USER['logtime']=pkTIME;
phpkitcookie('user_id');
phpkitcookie('user_name');
phpkitcookie('user_pw');
phpkitcookie('PHPKITSID');
if($_REQUEST['login_setcookie']==1 || $_REQUEST['firstlog']==1 || $_REQUEST['relog']==1 || $USER['id']=='0')
{
phpkitcookie('user_id',$userinfo['user_id'],$cookie_expire);
phpkitcookie('user_name',$userinfo['user_name'],$cookie_expire);
phpkitcookie('user_pw',$userinfo['user_pw'],$cookie_expire);
phpkitcookie('PHPKITSID',session_id(),$cookie_expire);
}
$DB->query("INSERT INTO ".$db_tab['session']." (session_id,session_expire,session_userid,session_ip,session_browser,session_url,session_ghost) VALUES ('".session_id()."','".$expire."','".$USER['id']."','".$USER['sip']."','".$USER['sbrowser']."','".$current_url."','".$userinfo['user_ghost']."')");
$DB->query("DELETE FROM ".$db_tab['session']." WHERE session_userid='".$USER['id']."' AND session_ip='".$USER['sip']."' AND session_browser='".$USER['sbrowser']."' AND session_id!='".session_id()."'");
if(isset($_REQUEST['login']) && $_REQUEST['remove_page']!='disabled')
{
$DB->query("UPDATE ".$db_tab['user']." SET lastlog='".pkTIME."' WHERE user_id='".$USER['id']."'");
if($_REQUEST['remove_page']=='')
$remove_page="include.php";
else
$remove_page=$_REQUEST['remove_page'];
header('Location: '.pkWWWROOT.$remove_page.'?event=2&moveto='.urlencode($_REQUEST['remove_path']).'&PHPKITSID='.session_id());
exit;
}
elseif($_REQUEST['event']==30)
{
header('Location: '.pkWWWROOT.'include.php?event=30&PHPKITSID='.session_id());
exit;
}
elseif(isset($_REQUEST['logout']))
{
if($_REQUEST['remove_path']=='')
$remove_path=$config['move_logout'];
else
$remove_path=$_REQUEST['remove_path'];
header('Location: '.pkWWWROOT.'include.php?event=3&moveto='.urlencode($remove_path).'&PHPKITSID='.session_id());
exit;
}
elseif($_REQUEST['relog']==1 || $_REQUEST['firstlog']==1)
{
header('Location: '.pkWWWROOT.'include.php?path=login/profile.php&event=32&PHPKITSID='.session_id());
exit;
}
else
$PHPKITSID=$_REQUEST['PHPKITSID']=session_id();
}
unset($session);
if(pkFRONTEND!='public')
return;
if(!$config['user_design']==1 || !$style=$DB->fetch_array($DB->query("SELECT * FROM ".$db_tab['style']." WHERE style_id='".$USER['design']." AND style_user=1' LIMIT 1")))
{
$style=$DB->fetch_array($DB->query("SELECT * FROM ".$db_tab['style']." WHERE style_id='".$config['site_style']."' LIMIT 1"));
}
if(@is_dir($style['style_images'].'/images'))
$config['imagedir']=$style['style_images'].'/images';
if(($config['site_eod']!=1 || ($config['forum_eod']!=1 && $config['forum_standalone']==1)) && $USER['status']!="admin")
{
if($config['forum_eod']!=1 && $config['forum_standalone']==1)
{
header('Location: '.pkWWWROOT.'info.php?error=4');
}
else
{
header('Location: '.pkWWWROOT.'info.php?error=2');
}
exit;
}
$gettemplates=$DB->query("SELECT template_name, template_value FROM ".$db_tab['templates']." WHERE template_packid='".$style['style_template']."'");
while($templates=$DB->fetch_array($gettemplates))
{
$template_cache[$templates['template_name']]=str_replace("\"","\\\"",$templates['template_value']);
}
if($style['style_template']!= -1 && $style['style_template']!= 0)
{
$templatedir=$DB->fetch_array($DB->query("SELECT templatepack_dir FROM ".$db_tab['templatepack']." WHERE templatepack_id=".$style['style_template'].""));
if(@is_dir($templatedir['templatepack_dir']) && $templatedir['templatepack_dir']!='')
$config['template_dir']=$templatedir['templatepack_dir'];
}
if(pkREQUESTEDFILE!=basename(__FILE__))
return;
# end config
$site=$site_body=$navigation_top=$navigation_left=$navigation_right=$navigation_bottom=$site_refresh=$path=$file=$src='';
$DB->sqlerrorreport(1);
pkLoadFunc('public');
if(isset($_REQUEST['event']) && !isset($event))
$event=$_REQUEST['event'];
if($event)
include("admin/config/event.php");
if(isset($_REQUEST['path']) && !empty($_REQUEST['path']))
$path=$_REQUEST['path'];
elseif(isset($_REQUEST['file']) && !empty($_REQUEST['file']))
$file=$_REQUEST['file'];
elseif(isset($_REQUEST['src']) && !empty($_REQUEST['src']))
$src=$_REQUEST['src'];
else
$path='start';
if($path=='include.php' || $path=='blank.php' || $path=='popup.php')
{
unset($path);
pkEvent('page_not_found');
}
else {
$getblacklist=$DB->query("SELECT blacklist_url, blacklist_userstatus FROM ".$db_tab['blacklist']);
while($blacklist=$DB->fetch_array($getblacklist)) {
if(eregi($blacklist['blacklist_url'],$current_url) && $blacklist['blacklist_url']!='')
{
if(getrights($blacklist['blacklist_userstatus'])!="true")
{
$event=1;
break;
}
}
}
if($event==1)
pkEvent('access_refused');
else
{
ob_start();
/*try to include via the new source directory (since version 1.6.1)*/
switch($path) #exceptions till all links to this file are changed
{
case 'login/edtprofil.php' :
$path='usereditprofile';
break;
case 'login/extoption.php' :
$path='userextoptions';
break;
case 'forum/index.php' :
case 'forum/main.php' :
$path='forumsdisplay';
break;
}
if(!empty($path))
$path_filename=pkDIRPUBLIC.(substr($path,-4)=='.php' ? substr(basename($path),0,-4) : $path).pkEXT;
if(filecheck($path_filename))
{
include($path_filename);
}
elseif(filecheck($path) && strstr(strtolower($path),'.php') && !strstr(strtolower($path),'http://') && !strstr(strtolower($path),'https://') && !strstr(strtolower($path),'ftp://') && !strstr($path,".."))
{
include($path);
}
elseif(!strstr(strtolower($file),'http://') && filecheck($file) && !strstr($file,"..") && file_extension($file)!='php')
{
$site_body.=implode('',file($file));
}
elseif(!empty($src))
{
$src=pkEntities($src);
eval("\$site_body.=\"".getTemplate("site_iframe")."\";");
}
else
pkEvent('page_not_found');
$site_body.=ob_get_contents();
ob_end_clean();
}
}
pkPublicCalendarUpdate();
$logo_size=@getimagesize($config['site_logo']);
$logo_size=$logo_size[3];
$logo_path=$config['site_logo'];
if($config['site_adview']==1) {
pkLoadClass($admanage,'admanage');
$adview=$admanage->get();
}
include("navigation/navigation.php");
include("style.php");
eval("\$site_kopf= \"".getTemplate("site_kopf")."\";");
eval("\$site_metatags= \"".getTemplate("site_metatags")."\";");
$time_stop=pkParsertime();
if(adminaccess('adminarea'))
eval("\$sitefuss_adminlogin= \"".getTemplate("site_fuss_adminlogin")."\";");
else
$sitefuss_adminlogin='';
if(empty($config['site_copy']))
$config['site_copy']=pkEntities($config['site_name']).' © '.date('Y');
eval("\$site_fuss= \"".getTemplate("site_fuss")."\";");
eval("\$site_content= \"".getTemplate("site_body")."\";");
eval("echo \$site= \"".getTemplate("site")."\";");
pkPublicRefererLog();
?>
Alles anzeigen
[/code]