#! /bin/sh
# anonphp - PHP module to prevent PHP pages from logging remote addresses.
#
# Location: <https://www.inventati.org/inventa/doku.php?id=anonphp>
#
# NO Copyright (C)  2005  NonfirmareNiente.
# Released under the Public Domain.
#
# Copying and distribution of this file, with or without modification,
# are permitted.
#
# This software is provided by the authors and contributors `as is'
# and any express or implied warranties are disclaimed.  In no event
# shall the authors or contributors be liable for any damages however
# caused and on any theory of liability, whether in contract, strict
# liability, or tort arising in any way out of the use of this
# software, even if advised of the possibility of such damage.
#
# Run this script to extract `Makefile' and `anonphp.c' in the current
# directory.
#
# Then type `make install' to install anonphp.
#
# Then add `extension=anonphp.so' to you `php.ini' file.
#
# Please note the following things:
#
#  - this module had very poor testing
#
#  - I don't think it works with register_globals=on (not tested)
#
#  - this is a ugly empirical hack, so it may contain bugs. For
#    example, maybe there is another $FUCKEDVARIABLE['REMOTE_ADDR']
#    which contains the IP address of the user viewing the page, or of
#    his proxy.  If this is the case, please fix or post a bug-report at
#    the wiki page mentioned above ("Location:").  See the phpinfo()
#    output for example, the "Apache Environment" section, REMOTE_ADDR
#    variable.
#
#  - perhaps there is a better way to do cleanly what this scripts is
#    meant to do, but I do not know php/zope enought for this.
#
#  - it is still true that if the web pages inline images from other
#    web servers, and the surfer not configured his browser to not
#    dowload them, then his privacy is compomised.
#
# So, you can use this module as a way to help your users to not log
# IP addresses, but do not trust it as a way to prevent them doing so.

awk 'BEGIN { RS = "\n--- ed script ---\n"; }
     // { if (FNR == 2) print $0 }' \
    < $0 \
 | ed -s > /dev/null
exit $?

--- ed script ---
f Makefile
a
CC=gcc
CFLAGS=-Wall -D_GNU_SOURCE $(shell php-config --includes)
libdir=$(shell php-config --extension-dir)

.PHONY: all clean install

all: anonphp.so

clean:
	-rm anonphp.so

install: anonphp.so
	cp anonphp.so $(libdir)/anonphp.so

anonphp.so: anonphp.c
	$(CC) $(CFLAGS) -shared -o $@ $<
.
w
1,$d
f anonphp.c
a
#include <string.h>
#include <stdio.h>
#include <php.h>

PHP_MINIT_FUNCTION(anonphp);

zend_module_entry anonphp_module_entry =
{
    STANDARD_MODULE_HEADER,
    "anonphp",
    NULL,
    NULL,
    NULL,
    PHP_MINIT(anonphp),
    NULL,
    NULL,
    "0.1.0-alpha1",
    STANDARD_MODULE_PROPERTIES
};

ZEND_GET_MODULE(anonphp);

PHP_MINIT_FUNCTION(anonphp)
{
  zval *retval;
  MAKE_STD_ZVAL(retval);

  /* Fake REMOTE_ADDR. */
  zend_eval_string ("$HTTP_SERVER_VARS['REMOTE_ADDR']='127.0.0.1';",
                    retval, "wtf");
  zend_eval_string ("$_SERVER['REMOTE_ADDR']='127.0.0.1';", retval, "wtf");
  /* This is not needed, but if it will become needed... we're ready. */
  zend_eval_string ("$GLOBALS['REMOTE_ADDR']='127.0.0.1';", retval, "wtf");

  {
    /* 
     * Please note that REMOTE_ADDR was not included because it is
     * required (so it will not be removed but was faked).
     */
    char *enemies[] = {"REMOTE_HOST", "HTTP_X_FORWARDED_FOR",
		       "HTTP_X_REMOTECLIENT_IP", "HTTP_PC_REMOTE_ADDR",
		       "REMOTE_IDENT",
		       NULL};
    char *commands[] = {"unset ($HTTP_SERVER_VARS['%s']);",
			"unset ($_SERVER['%s']);",
			/*
			 * This is not needed, but if it will become
			 * needed... we're ready.
			 */
		       "unset ($GLOBALS['%s']);",
			NULL};
    char *enemy = enemies[0];
    char *command = commands[0];
    char *command_for_enemy = NULL;
    int enemy_counter;
    int command_counter;
    for (enemy_counter = 0; enemy; enemy = enemies [++enemy_counter])
      {
	for (command_counter = 0; command; 
	     command = commands [++command_counter])
	  {
	    asprintf (&command_for_enemy, command, enemy);
	    zend_eval_string (command_for_enemy, retval, "wtf");
	    free (command_for_enemy);
	    command_for_enemy = NULL;
	  }
      }
  }
  return SUCCESS;
}
.
wq
 
  anonphp.txt · Ultima modifica: 27.04.2005 17:21 by 127.0.0.1
 
RSS: Modifiche Recenti Contenuti: Licenza Creative Commons Valid XHTML 1.0 Valid CSS Sito fatto con: DokuWiki Sito ospitato da: Inventati.org