Форум Сайтостроение Веб-строительство

error.php - обработчик ошибок. код + нужна проверка

B
На сайте с 04.12.2008
Offline
69
blacks
2618

Добрых выходных всем! Теплых и свежих.

Есть два php файла - выводят сообщения об ошибках и высылают на мыло эти самые ошибки.

Ошибки берутся из .htaccess (403, 404, 405)

Вопрос: интересует насколько надежный "от взлома" данный php - я в php нюб но атак боюсь:rolleyes:

.htaccess 

ErrorDocument 400 /error.php

ErrorDocument 401 /error.php

ErrorDocument 403 /error.php

ErrorDocument 404 /error.php

ErrorDocument 500 /error.php

unctions_err.inc.php 


<?php

/**

  * @domain:    DESILVA.BIZ      

  * @file:      FUNCTIONS_ERR.INC.PHP      

  * @author:    J de Silva

  * @website:   www.desilva.biz

  * @email:     scripts[AT]desilva[DOT]biz

  * @copyright: Gen.I designs

  * @date:      November 16th, 2003

  * @version:   1.0

  * @about:     The 'engine' behind a simple Error 404 handler.

  *              

/*===================================*/ 



/////////////////////////////////////////////////////////////////////

//  FILL IN THE FOLLOWING DETAILS

/////////////////////////////////////////////////////////////////////

      /* Set the email address that will receive error notifications */

      $to       = 'admin@example.com';

      /* Set your domain name below, without the 'http://' or 'www' bits */

      $domain   = 'example.com';

      /* That's ALL, nothing more to edit below.... */

#-------------------------------------------------------------------#



/////////////////////////////////////////////////////////////////////

//  DEFINE SOME REQUIRED CONSTANTS...

/////////////////////////////////////////////////////////////////////

define( 'ADMIN_EMAIL',  $to );

define( 'ADMIN_DOMAIN', $domain );

define( 'NL',           "\r\n" );

unset( $to, $domain );

#-------------------------------------------------------------------#



/////////////////////////////////////////////////////////////////////

//  Required functions

/////////////////////////////////////////////////////////////////////

function load_request_uri()

{

   $qs = ( isset($_SERVER['REDIRECT_QUERY_STRING']) ? '?'.$_SERVER['REDIRECT_QUERY_STRING'] : '' );

   return( $_SERVER['REDIRECT_URL'].$qs );

}



function is_reported()

{

   if( isset($_COOKIE['http_errors']) )

   {

      $_COOKIE['http_errors'] = unserialize( ($_COOKIE['http_errors']) );

      if( is_array($_COOKIE['http_errors']) )

      {

            // I cannot recall why now, but I remember noticing that

            // $_SERVER['REQUEST_URI'] was NOT always available...

            if( !isset($_SERVER['REQUEST_URI']) )

            {

               $_SERVER['REQUEST_URI']   = load_request_uri();

            }

            if( in_array($_SERVER['REQUEST_URI'], $_COOKIE['http_errors']) )

            {

               // this error page / url has been reported by this person before

               return( TRUE );

            }

      }

   }

   // this person has either NEVER reported an error before

   // or this is a NEW url error to report

   $_COOKIE['http_errors'][] = $_SERVER['REQUEST_URI'];

   $value = serialize( $_COOKIE['http_errors'] );

   setcookie( 'http_errors', $value, time() + 24*60*60, '/', '.'.ADMIN_DOMAIN, 0 );

   unset( $value );

   return( FALSE );

}



function send_error_email( $error_code )

{  

   if( !is_reported() )

   {

      if( !isset($_SERVER['REQUEST_URI']) )

      {

         $_SERVER['REQUEST_URI']   =   load_request_uri();

      }

      // the referring page, if any

      $referred_by = ( isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'Unknown' );

      $subject = "An error has occured - type: $error_code";  

      $message = 'The following error has occured:'.NL

                     .'--------------------------------'.NL.NL

                     ."  Type          : $error_code".NL

                     ."  Page          : {$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}".NL

                     ."  Referred from : $referred_by".NL

                     .'  Time          : '.date('d/m/Y H:i:s').NL

                     ."  From IP       : {$_SERVER['REMOTE_ADDR']}".NL.NL

                     .'Regards,'.NL

                     .'Your hard-working web server.';

      $headers = "From: webserver@{$_SERVER['SERVER_NAME']}\n"

                     ."Reply-To: webserver@{$_SERVER['SERVER_NAME']}\n"

                     ."X-Mailer: PHP/".phpversion();

      // send the email

      mail( ADMIN_EMAIL, $subject, $message, $headers );

      unset( $error_code, $referred_by, $subject, $message, $headers );

   }

}

#-------------------------------------------------------------------#

?>

error.php 

<?php

/**

  * @domain:    DESILVA.BIZ      

  * @file:      ERROR.PHP      

  * @author:    J de Silva

  * @website:   www.desilva.biz

  * @email:     scripts[AT]desilva[DOT]biz

  * @copyright: Gen.I designs

  * @date:      November 16th, 2003

  * @version:   n/a

  * @about:     Error Notification Page.

  *              

/*===================================*/ 



include_once( './functions_err.inc.php' );

$error_code = ( !isset($_SERVER['REDIRECT_STATUS']) ? 'Undefined' : intval($_SERVER['REDIRECT_STATUS']) );

send_error_email( $error_code );

?>

<html>

<head>

<title>HTTP ERROR: <?php echo $error_code; ?></title>

</head>

<body>

<!--

   START, INSERT YOUR HTML / WEB PAGE HERE. 

   NOTE THAT INTERNET EXPLORER DOES NOT LOAD

   YOUR CUSTOM ERROR PAGE IF THE FILE SIZE

   OF THIS WEB PAGE IS SMALL, I WILL TRY

   TO LOOK FOR A REFERENCE ABOUT THIS SOON...

-->

</body>

</html>

P.S. код-пример не мой.

взят от сюда http://www.gidforums.com/t-1398.html

Авторизуйтесь или зарегистрируйтесь, чтобы оставить комментарий