added on local at 2026-07-02 15:57:03
| 1 | #!/usr/bin/perl | |
| 2 | #====================================================================== | |
| 3 | # AffSoft -- anonymous pageview tracker (1x1 GIF beacon). | |
| 4 | # Included from the marketing wrapper. Skips logged-in users + bots. | |
| 5 | # Captures pre-signup paths only; admin_funnels.cgi reads anon_sessions | |
| 6 | # + anon_pageviews to render the Top Acquisition Paths panel. | |
| 7 | #====================================================================== | |
| 8 | use strict; | |
| 9 | use warnings; | |
| 10 | use lib '/var/www/vhosts/3dshawn.com/affiliate.3dshawn.com'; | |
| 11 | use CGI; | |
| 12 | use MODS::DBConnect; | |
| 13 | use Digest::SHA qw(sha1_hex); | |
| 14 | ||
| 15 | my $q = CGI->new; | |
| 16 | my $db = MODS::DBConnect->new; | |
| 17 | ||
| 18 | # Logged-in user? Skip silently — those pages aren't part of the funnel. | |
| 19 | my $auth_cookie = $q->cookie('affsoft_session') || ''; | |
| 20 | if (length($auth_cookie) >= 16) { _ok_noop(); } | |
| 21 | ||
| 22 | # Cheap bot guard | |
| 23 | my $ua = $ENV{HTTP_USER_AGENT} || ''; | |
| 24 | if ($ua =~ /bot|crawl|spider|slurp|wget|curl|headless|preview|monitor/i) { | |
| 25 | _ok_noop(); | |
| 26 | } | |
| 27 | ||
| 28 | # Read/mint session token (40-hex chars, 365-day cookie) | |
| 29 | my $token = $q->cookie('_anon_tk') || ''; | |
| 30 | $token =~ s/[^a-f0-9]//g; | |
| 31 | my $is_new = 0; | |
| 32 | if (length($token) != 40) { | |
| 33 | my @hex = ('0'..'9','a'..'f'); | |
| 34 | $token = ''; | |
| 35 | $token .= $hex[int(rand(@hex))] for 1..40; | |
| 36 | $is_new = 1; | |
| 37 | } | |
| 38 | ||
| 39 | # Inputs | |
| 40 | my $path = $q->param('p') || $ENV{HTTP_REFERER} || '/'; | |
| 41 | $path =~ s{^https?://[^/]+}{}; | |
| 42 | $path = substr($path, 0, 500); | |
| 43 | $path =~ s/[\x00-\x1f]//g; | |
| 44 | ||
| 45 | my $ref_full = $q->param('r') || $ENV{HTTP_REFERER} || ''; | |
| 46 | my $ref_host = ''; | |
| 47 | if ($ref_full =~ m{^https?://([^/]+)}) { $ref_host = lc($1); } | |
| 48 | $ref_host = substr($ref_host, 0, 191); | |
| 49 | ||
| 50 | my $utm_source = substr(($q->param('us') || ''), 0, 120); | |
| 51 | my $utm_medium = substr(($q->param('um') || ''), 0, 120); | |
| 52 | my $utm_campaign = substr(($q->param('uc') || ''), 0, 120); | |
| 53 | ||
| 54 | my $ua_hash = sha1_hex($ua); | |
| 55 | my $ip = $ENV{HTTP_X_FORWARDED_FOR} || $ENV{REMOTE_ADDR} || ''; | |
| 56 | $ip =~ s/,.*$//; $ip =~ s/\s+//g; | |
| 57 | my $ip_hash = sha1_hex($ip); | |
| 58 | ||
| 59 | my $token_q = $token; | |
| 60 | my $path_q = _q($path); | |
| 61 | my $ref_q = _q($ref_host); | |
| 62 | my $us_q = _q($utm_source); | |
| 63 | my $um_q = _q($utm_medium); | |
| 64 | my $uc_q = _q($utm_campaign); | |
| 65 | my $ua_q = _q($ua_hash); | |
| 66 | my $ip_q = _q($ip_hash); | |
| 67 | ||
| 68 | my $dbh = $db->db_connect() or _ok_noop(); | |
| 69 | ||
| 70 | # --- phase5-tracking-exclusion :: 2026-07-02 --- | |
| 71 | { | |
| 72 | my $ip_check = $ip; | |
| 73 | $ip_check =~ s/[^0-9a-fA-F:.]//g; | |
| 74 | if (length $ip_check) { | |
| 75 | my $excl = $db->db_readwrite($dbh, qq~ | |
| 76 | SELECT id FROM tracking_exclusions | |
| 77 | WHERE active=1 AND ip='$ip_check' LIMIT 1 | |
| 78 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 79 | if ($excl && $excl->{id}) { | |
| 80 | $db->db_disconnect($dbh); | |
| 81 | _ok_noop(); | |
| 82 | } | |
| 83 | } | |
| 84 | } | |
| 85 | ||
| 86 | my $existing = $db->db_readwrite($dbh, qq~ | |
| 87 | SELECT id, page_count FROM anon_sessions WHERE session_token='$token_q' LIMIT 1 | |
| 88 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 89 | ||
| 90 | my ($sid, $seq); | |
| 91 | if ($existing && $existing->{id}) { | |
| 92 | $sid = $existing->{id} + 0; | |
| 93 | $seq = ($existing->{page_count} || 0) + 0; | |
| 94 | $db->db_readwrite($dbh, qq~ | |
| 95 | UPDATE anon_sessions | |
| 96 | SET last_seen_at=NOW(), page_count=page_count+1 | |
| 97 | WHERE id='$sid' | |
| 98 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 99 | } else { | |
| 100 | my $r = $db->db_readwrite($dbh, qq~ | |
| 101 | INSERT INTO anon_sessions | |
| 102 | (session_token, first_seen_at, last_seen_at, end_reason, | |
| 103 | referer_host, utm_source, utm_medium, utm_campaign, | |
| 104 | landing_path, user_agent_hash, ip_hash, page_count) | |
| 105 | VALUES | |
| 106 | ('$token_q', NOW(), NOW(), 'active', | |
| 107 | '$ref_q', '$us_q', '$um_q', '$uc_q', | |
| 108 | '$path_q', '$ua_q', '$ip_q', 1) | |
| 109 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 110 | $sid = $r ? ($r->{mysql_insertid} || 0) + 0 : 0; | |
| 111 | $seq = 0; | |
| 112 | } | |
| 113 | ||
| 114 | if ($sid) { | |
| 115 | $db->db_readwrite($dbh, qq~ | |
| 116 | INSERT INTO anon_pageviews (session_id, sequence, page_path, occurred_at) | |
| 117 | VALUES ('$sid', '$seq', '$path_q', NOW()) | |
| 118 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 119 | } | |
| 120 | ||
| 121 | $db->db_disconnect($dbh); | |
| 122 | ||
| 123 | print "Status: 200 OK\nContent-Type: image/gif\n"; | |
| 124 | if ($is_new) { | |
| 125 | print "Set-Cookie: _anon_tk=$token; Path=/; Max-Age=31536000; SameSite=Lax; HttpOnly\n"; | |
| 126 | } | |
| 127 | print "Cache-Control: no-store, no-cache, must-revalidate, max-age=0\nPragma: no-cache\n\n"; | |
| 128 | print pack('H*', '47494638396101000100800000ffffff00000021f90401000001002c00000000010001000002024401003b'); | |
| 129 | exit; | |
| 130 | ||
| 131 | sub _q { | |
| 132 | my $s = shift // ''; | |
| 133 | $s =~ s/\\/\\\\/g; | |
| 134 | $s =~ s/'/''/g; | |
| 135 | return $s; | |
| 136 | } | |
| 137 | sub _ok_noop { | |
| 138 | print "Status: 200 OK\nContent-Type: image/gif\nCache-Control: no-store\n\n"; | |
| 139 | print pack('H*', '47494638396101000100800000ffffff00000021f90401000001002c00000000010001000002024401003b'); | |
| 140 | exit; | |
| 141 | } |