ThreadBoard ArchivesSite FeaturesActiveworlds SupportHistoric Archives |
multipath script (General Discussion)
multipath script // General DiscussionbuilderzJul 23, 2003, 5:14pm
Try these links:
http://www.ricta.net/ethaw/multipath.html http://oct31.de/aw/ls/index.html Builderz http://www.3dhost.net [View Quote] ananasJul 23, 2003, 5:53pm
bowenJul 23, 2003, 6:00pm
[View Quote]
LoL. :) make it so everything's purple!
-- --Bowen-- No of SETI units returned: 41 Processing time: 31 days, 9 hours. (Total hours: 753) www.setiathome.ssl.berkeley.edu themaskJul 23, 2003, 11:39pm
err i thought there was a php just was just a php, not so huge like Who's
multipath php *scratches head at unbelieveable add entry and crap* bowenJul 24, 2003, 3:37am
[View Quote]
Ananas' multipath php is very easy to use. There's no reason at all to
make it huge. :) -- --Bowen-- No of SETI units returned: 44 Processing time: 36 days, 0 hours. (Total hours: 864) www.setiathome.ssl.berkeley.edu dlp anneJul 24, 2003, 7:24am
This is the one I use.
<?PHP $aPaths = array ('www.url1.com/', 'http://www.url2.com/', 'http://www.url3.com/', 'http://www.url4.com/'); $fIn=$fOut=$IsZip=0; // this block is only needed if AW examines the HTTP header! if ($Content = strrchr ($QUERY_STRING, '.')) { if (stristr ($Content, ".zip")) Header ("Content-Type: application/zip"); else Header ("Content-type: image/jpeg"); } $Namepos = strrpos ($QUERY_STRING, '/'); $Filepath = substr ($QUERY_STRING, 0, $Namepos+1); $Filename = substr ($QUERY_STRING, $Namepos+1); Header( "Content-Disposition: attachment; filename=".$Filename ); $Firsttry = -1; if ($Filename[0] == '~') { $Firsttry = intval (substr($Filename,1,2))-1; $Filename = substr($Filename, 3); if ($Firsttry >= 0) if ($fIn = at fopen ($aPaths[$Firsttry].$Filepath.$Filename, "rb")) { fpassthru ($fIn); // no fclose, fpassthru() closes the file exit; } } $Anz = sizeof ($aPaths); for ($i=0; $i<$Anz; $i++) if ($i != $Firsttry) if ($fIn = at fopen ($aPaths[$i].$Filepath.$Filename, "rb")) { fpassthru ($fIn); // no fclose, fpassthru() closes the file exit; } ?> codewarriorJul 24, 2003, 11:02am
if ($Content = strrchr ($QUERY_STRING, '.'))
{ if (stristr ($Content, ".zip")) Header ("Content-Type: application/zip"); else if (stristr ($Content, ".mp3")) Header ("Content-Type: application/mp3"); else Header ("Content-type: image/jpeg"); } > if ($Content = strrchr ($QUERY_STRING, '.')) > { > if (stristr ($Content, ".zip")) > Header ("Content-Type: application/zip"); > else > Header ("Content-type: image/jpeg"); > } codewarriorJul 24, 2003, 12:05pm
This is an example of how the 3.4 browser referrer string can be
used to deny leeches the use of your object path. You must enable the referer string option for your world. If you can't read code, comprehend what applies to you, and ignore things that an experienced coder will see obviously need to be changed to work with your own OP, just ignore this post. Sorry about the formatting. I messed it up intentionally to bait the anal people into starting a flamefest. -- if (!empty($HTTP_REFERER)) { // potential 3.4 browser $a1 = explode("/", $HTTP_REFERER, 4); $a2 = explode(":", $a1[2], 3); $world = $a1[3]; $server = $a2[0]; $port = $a2[1]; // this switch needs to really be a // loop that checks a subscriber database switch($port) { case "5670": // Main AW Universe switch($world) { case "xxxxxxxx": $Leech = false; break; } break; case "5685": // Main OW Universe switch($world) { case "cwlab": $Leech = false; break; } break; case "5702": // AW Europe switch($world) { case "xxxx": case "cwlab": case "xxx": case "xxxxxxx": $Leech = false; break; } break; default: break; } // if it is not a leech, point the path at the real objects if ($Leech == false) { $ObPath = REAL_PATH; } } else { // probably a 3.3 browser // Let the megapath sort it all out header("Location: ". REDIRECT_PATH . $QUERY_STRING); exit; } if ($Leech == true) { // Record info about the request LeechLog(); Header('Status: 403 Not Authorized'); exit; } .... process the request normally codewarriorJul 24, 2003, 1:11pm
Here is another snippet. This one checks to see if the request is coming
from an AW browser. This can easily be spoofed, but it will mean someone needs to actually do some work to rip you off. This will allow both 3.3 and 3.4 browsers to access your path. -- define(BROWSER_AGENT_ACCEPT, "ActiveWorlds"); define(BROWSER_AGENT_ACCEPT2, "Active Worlds Browser"); $agent = explode("/", $_SERVER['HTTP_USER_AGENT']); if ($agent[0] != BROWSER_AGENT_ACCEPT) { if ($agent[0] != BROWSER_AGENT_ACCEPT2) { Snooper(); // log this and then die } } ... process the request normally themaskJul 24, 2003, 7:00pm
oh man im confused, codewarriror, your code looks very good, but i dont know
where to add the snippets in the php.. because i wouldnt know what i would be doing.. heh bowenJul 24, 2003, 7:08pm
[View Quote]
That's the actual php itself from what I gather. Of course you'll have
to define Snooper();. -- --Bowen-- No of SETI units returned: 44 Processing time: 36 days, 0 hours. (Total hours: 864) www.setiathome.ssl.berkeley.edu kahJul 24, 2003, 10:46pm
"codewarrior" <pete at accelr8r.com> wrote in news:3f1fe7b3$1 at server1.Activeworlds.com:
> This is an example of how the 3.4 browser referrer string can be > used to deny leeches the use of your object path. You must > enable the referer string option for your world. > > If you can't read code, comprehend what applies to you, > and ignore things that an experienced coder will see obviously > need to be changed to work with your own OP, just ignore this > post. > > Sorry about the formatting. I messed it up intentionally to bait > the anal people into starting a flamefest. > LeechLog(); Two things: 1) You're not defining LeechLog() anywhere. If you use his code, add this at the end: ==start code== function LeechLog () { $log = at fopen ("leeches.log", "a"); //Open file in append mode if (!$log) //Error opening log file return; fwrite ($log, "Leech attempt from IP: ".$_SERVER["REMOTE_ADDR"]."\n"); fclose ($log); } ==end code== If your PHP version is inferior to 4.1.0 you'll need to replace $_SERVER with $HTTP_SERVER_VARS. 2) You assume register_globals to be on. This is bad practice, especially as r_g defaults to off since PHP 4.2. Use $_SERVER["HTTP_REFERER"] (see note above for old PHP versions) I recommend users of the code replace $HTTP_REFERER with the above snippet. Besides that, nice coding. KAH themaskJul 25, 2003, 12:40am
So how would the mutlipath deal with the avatar.zips? Man im being a pain..
sorry bowenJul 25, 2003, 3:48am
[View Quote]
Well, what this one is doing is checking to see if the browser is
activeworlds or not, if it's just the standard IE/mozilla/netscape/opera it gives them an error/404/whatever. If it is AWB, then it lets it do anything it could do normally (what this is doing is protecting your object path from people who would take objects and textures (not that you couldn't open the AW browser and do it anyways)). -- --Bowen-- No of SETI units returned: 44 Processing time: 36 days, 0 hours. (Total hours: 864) www.setiathome.ssl.berkeley.edu ananasJul 25, 2003, 9:20am
http://oct31.de/aw/infos/MultipleAvatarsDat.txt
One of those 3 ways to do it should help in most cases. [View Quote] codewarriorJul 25, 2003, 11:32am
There was another thing noone mentioned. My previous code should have
defined $Leech = true at the beginning before any of the other code. [View Quote] The method shown will log each attempt to access your path by inreasing the log file size. This introduces a vulnerability to a type of DOS attack. A malicious person could simply hammer your OP repeatedly, causing the log file to increase in size in an unbounded manner until your OP space is all used up, and your performance would begin to degrade well in advance as the log file gets bigger and bigger. Here is a function (sorry about the formatting again) that will record leech attempts in a log file, but will only record one line for each world that is trying to leech. This will keep the leech log file from growing unbounded. Notice also that it is the REFERER that should be logged. The REMOTE_ADDR in this case is just someone who is visiting a world that is trying to leech off your path. The REFERER will be blank if the leech is not a 3.4 world, or it will actually tell you which world is trying to leech your objects if it is a 3.4 world. Also note the use of the ' at ' in front of many functions to prevent them from printing errors into your HTML document if they fail for some reason. PHP functions often print information you don't want people to see, and if the script wishes to do something more such as creating 'fake' objects or textures to give to leech attempts, error messages in the HTTP stream will corrupt the stream and cause them to be unrecognized as valid MIME objects. The code is loosely based of some page hit counter code. It really should use a database to record this kind of thing. -- function LeechLog() { $cnt = 0; $found = "false"; $filename = LOG_PATH."leech.counter"; // potential 3.4 browser $a1 = explode("/", $_SERVER['HTTP_REFERER'], 4); $a2 = explode(":", $a1[2], 3); $world = $a1[3]; $server = $a2[0]; $port = $a2[1]; $agent = explode("/", $_SERVER['HTTP_USER_AGENT'], 2); // it's good practice to limit the size of any string that came from the // outside world so as to protect against buffer overrun based hacks // we plan to sprintf these all into a buffer, so clean them up a bit if (strlen($agent) > 16) $agent = substr($agent, 0, 16); if (strlen($world) > 16) $world = substr($world, 0, 16); if (strlen($server) > 16) $server = substr($server, 0, 16); if (strlen($port) > 5) $port = substr($port, 0, 5); $key = sprintf("%16s%5s%16s", $server, $port, $world); if (file_exists ($filename)) { $fp = at fopen($filename,"r+"); } else { $fp = at fopen($filename,"w"); } if ($fp) { $offset = 0; $cnt = 1; while (($found == "false") && ($row = at fgets($fp,4096))) { $cols = explode(";",$row); $cols[1] = trim($cols[1]); if ($cols[0] == $key) { $cnt = ++$cols[1]; $record = sprintf("%s;%8d;%16s\n", $key, $cnt, $_SERVER['HTTP_USER_AGENT']); at fseek($fp,$offset); at fputs($fp, $record); $found = "true"; } $offset = at ftell($fp); } at fclose($fp); } if ($found=="false") { // no record found $fp = at fopen($filename,"a"); if ($fp) { // record 1 offense $record = sprintf("%s;%8d;%16s\n", $key, 1, $_SERVER['HTTP_USER_AGENT']); at fputs($fp, $record); at fclose($fp); } } } codewarriorJul 25, 2003, 12:28pm
<note the use of "sandwich" posting>
[View Quote] My strategy for dealing with the avatars.zip and the terrains is to do as I think Alex suggested... Refuse to do anything at all to try to fix them :-P AW needs to simply add a per world name for the avatars.zip file, and a per world prefix for the terrain texture names. I suspect it's ugly to do the avatars.dat file because I think it may be built into the browser. If this info starts to come from the server in some future version, they will not have an easy choice of what to do when the browser enters an older world whose server doesn't provide the info. They could make the browser try to read a file called avatar_config.dat from your OP path though. It doesn't exist on older OPs, so if it doesn't exist, they can go ahead and do what they do now. If said file does exist, it could contain a list of names of files associated with particular worlds such that the browser could determine if it was in one of the worlds listed, and load the appropriate files. If the user is in none of the listed worlds, then it would fall back to loading the avatars.dat as it does now, and using 'terrain' as the prefix for the terrain textures. An alternative would be to extend the capabilities within the existing avatars.dat file format to allow each avatar listed to have a list of worlds it may appear in. This would be a very ugly way to do it, but it would be better than nothing, although it doesn't at all address the issue of all the terrain texture names being the same. Another alternative would simply be to pre-pend the world name in front of the filename with an underscore and just try to read that file first... i.e. look for cwlab_avatars.dat first, and try to load cwlab_terrainXX.jpg. This is a bit ugly too.. an actual configuration file would be much more preferable. Many of the things that would make life easier for OP path hosters and people trying to make dynamic content based on server side scripting could be done without having to expose GUI based methods to set up and control them. There is no built in GUI based mechanism for editing the avatars.dat file for example, so the precedent has already been set for controlling aspects of your world via a text file on your OP path with no GUI tools for doing so provided in the browser. In addition to not requiring GUI tools for such things, the *world* server would not need to keep track of this information. I suspect that AW is loathe to do anything with the world server code and protocols, and I don't blame them. Changing the way that works should not be treated lightly, but adding additional text files to your OP path to control some new features should be a pretty simple and safe way to go about some things. > sorry > So how would the mutlipath deal with the avatar.zips? Man im being a pain.. news:3f209886 at server1.Activeworlds.com... [View Quote] <note the use of "sandwich" posting> bowenJul 25, 2003, 1:50pm
[View Quote]
It works because it defines the .zip extension. So anything that's zip
or jpeg will be displayed properly. Including avatars.zip. -- --Bowen-- No of SETI units returned: 44 Processing time: 36 days, 0 hours. (Total hours: 864) www.setiathome.ssl.berkeley.edu themaskJul 27, 2003, 1:56am
Well the php that dlp anne posted, isn't working, i have both ops local on
the server, one /themask and the other /ops/world.. it isnt working.. :-\ ananasJul 27, 2003, 6:51am
If you have 2 local paths, you should not use the http:// URL
but the server path. Example : $aPaths = array ('/vol/op1/', '/opt/var/op2/); [View Quote] |