404.php alternative

Posted on by Martin

This is a replacement of the class.404.php file and provides a lot more information to help backtrace problems, hacking attempts, etc…

Replace /includes/classes/class.404.php with:

<?php

class ISC_404
{
	public function HandlePage()
	{

		GetLib("class.redirects");

		// We're here because we can't find the requested URL
		// It may be a URL that has been set up as a redirect, so lets check that
		ISC_REDIRECTS::checkRedirect($_SERVER['REQUEST_URI']);
		
//MOD Log variables submitted when 404 shown		
		// Log the data submitted to see if we can track back the problem
		$debug_info = "URI: {$_SERVER['REQUEST_URI']} <br>";
		if(count($_POST) > 0) {
			$debug_info .= 'POST:<br>';
			foreach($_POST AS $k => $v) {
				$debug_info .= "$k :: $v <br>";
			}
		}

		if(key_exists('HTTP_REFERER', $_SERVER)) {
		    $debug_info .= '<br>REFERER: '.$_SERVER['HTTP_REFERER'].'<br>';
        }
		
		if(count($_GET) > 0) {
			$debug_info .= '<br>GET:<br>';
			foreach($_GET AS $k => $v) {
				if(is_array($v)) {
					foreach($v AS $k2 => $v2) {
						if(is_array($v2)) {
							$debug_info .= "$k2 is still a nested array";
						}
						else {
							$debug_info .= "$k2 :: $v2 <br>";
						}
					}
				}
				else {
					$debug_info .= "$k :: $v <br>";
				}
			}
		}
		
		if(count($_POST) > 1 || count($_GET) > 1) {
		    if(key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
		        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
            }
            else {
                $ip = $_SERVER['REMOTE_ADDR'];
            }
			$GLOBALS['ISC_CLASS_LOG']->LogSystemNotice("php","IP: {$ip} - 404 error with following data submitted", $debug_info);
		}
//MOD END	
		
		// Send the 404 status headers
		header("HTTP/1.1 404 Not Found");

		// Simply show the 404 page
		$GLOBALS['ISC_CLASS_TEMPLATE']->SetPageTitle(GetConfig('StoreName')." - ".GetLang('NotFound'));
		$GLOBALS['ISC_CLASS_TEMPLATE']->SetTemplate("404");
		$GLOBALS['ISC_CLASS_TEMPLATE']->ParseTemplate();
	}
}

Alternative version to catch all 404 without $_POST and $_GET, only exclude when particular strings in URL

//MOD Log variables submitted when 404 shown    
$debug_info = "{$_SERVER['REQUEST_URI']} <br>";
if(count($_POST) > 0) {
	$debug_info .= 'POST:<br>';
	foreach($_POST AS $k => $v) {
		$debug_info .= "$k :: $v <br>";
	}
}
if(key_exists('HTTP_REFERER', $_SERVER)) {
	$debug_info .= '<br>REFERER: '.$_SERVER['HTTP_REFERER'].'<br>';
}
if(count($_GET) > 0) {
	$debug_info .= '<br>GET:<br>';
	foreach($_GET AS $k => $v) {
		if(is_array($v)) {
			foreach($v AS $k2 => $v2) {
				if(is_array($v2)) {
					$debug_info .= "$k2 is still a nested array";
				}else{
					$debug_info .= "$k2 :: $v2 <br>";
				}
			}
		}else{
			$debug_info .= "$k :: $v <br>";
		}
	}
}
if(key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
	$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
	$ip = $_SERVER['REMOTE_ADDR'];
}
if(preg_match('(.txt|.zip)', $_SERVER['REQUEST_URI']) === 0) {
	$GLOBALS['ISC_CLASS_LOG']->LogSystemNotice("php","IP: {$ip} - 404 Error", $debug_info);
}
//MOD END

Leave a Reply

Your email address will not be published. Required fields are marked *