whois function bug

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
pauldr
Forum Newbie
Posts: 18
Joined: Fri Apr 10, 2009 6:40 am

whois function bug

Post by pauldr »

I have a function that does a whois lookup on a block of IP addresses. It then parses the information into the following format:

Net Range    Org Name    Org ID   Net Handle
69.147.64.0 - 69.147.127.255    Yahoo! Inc.     YHOO    NET-69-147-64-0-1

Based upon the following data:

OrgName: Yahoo! Inc.
OrgID: YHOO
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US

NetRange: 69.147.64.0 - 69.147.127.255
CIDR: 69.147.64.0/18
NetName: A-YAHOO-US5
NetHandle: NET-69-147-64-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 2006-06-26
Updated: 2006-09-22

RAbuseHandle: NETWO857-ARIN
RAbuseName: Network Abuse
RAbusePhone: +1-408-349-3300
RAbuseEmail: network-abuse@cc.yahoo-inc.com

RTechHandle: NA258-ARIN
RTechName: Netblock Admin
RTechPhone: +1-408-349-3300
RTechEmail: rauschen@yahoo-inc.com

OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: network-abuse@cc.yahoo-inc.com

OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: rauschen@yahoo-inc.com

The problem comes into play when the whois data is in the following format:

#whois 69.44.0.0
Level 3 Communications, Inc. LVLT-ORG-69-44 (NET-69-44-0-0-1)
69.44.0.0 - 69.45.255.255
INETmax WLCO-TWC1199287-INETMAX-NET (NET-69-44-0-0-2)
69.44.0.0 - 69.44.3.255

I'm not sure how to structure the function where if it doesn't find 'OrgName' to parse the data to retrieve the NetRange of the unformatted whois request.

Below is the function:

Code: Select all

public function lookup($ip = "")
    {
        $cmd = "whois " . $ip;
        $result = shell_exec($cmd);
 
        $result = explode("\n", $result);
        $whois_data = array();
 
        //Format data
        foreach ($result as $value) {
            //Skip empty lines
            if ($value == '') {
                continue;
            }
            $sep_pos = strpos($value, ':');
            $title = trim(substr($value, 0, $sep_pos));
            $whois_data[$title] = trim(substr($value, $sep_pos + 1));
        }
 
        return $whois_data;
    }
I've been working on this for a week not sure how to proceed.

Thanks,
Paul
User avatar
manohoo
Forum Contributor
Posts: 201
Joined: Wed Dec 23, 2009 12:28 pm

Re: whois function bug

Post by manohoo »

There are 3 PHP functions that can help you:

gethostbyaddr(), gethostbyname(), and gethostbyname!().

Code: Select all

 
echo gethostbyaddr("69.4.0"); 
echo "<br />";
echo gethostbyname("yahoo.com");
echo "<br />";
var_dump(gethostbynamel("yahoo.com")); // returns an array of ip addresses
echo "<br />";
echo gethostbyaddr("209.191.93.53");
 
will output:

69.4.0
209.191.93.53
array(3) { [0]=> string(13) "209.191.93.53" [1]=> string(14) "69.147.114.224" [2]=> string(14) "209.131.36.159" }
b1.www.vip.mud.yahoo.com

Notice that gethostbyaddr("69.4.0") fails, and returns the ip address itself.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: whois function bug

Post by AbraCadaver »

Could be better, but using your code here is my stab at this (untested). This takes advantage of the fact that you can call 'whois NET-69-44-0-0-1' and it will return the single record :-)

Code: Select all

public function lookup($ip = "") {
        $cmd = "whois " . $ip;
        $result = shell_exec($cmd);
 
        $result = explode("\n", $result);
        $whois_data = array();
 
        //If first line starts with OrgName
        if(strpos($result[0], 'OrgName') === 0) { 
            //Format data
            foreach ($result as $value) {
                //Skip empty lines
                if ($value == '') {
                    continue;
                }
                $sep_pos = strpos($value, ':');
                $title = trim(substr($value, 0, $sep_pos));
                $whois_data[$title] = trim(substr($value, $sep_pos + 1));
            }
        //If first line does NOT start with OrgName
        } else {
            foreach ($result as $key => $value) {
                //If this is an odd row - the one with the org and netname
                if(($key % 2) !== 0)) {
                    //Match the netname in ( )
                    preg_match('/\((.+)\)/', $value, $matches);
                    //Call us recursively with the netname and assign array to a new array
                    $whois_data[] = $this->lookup($matches[1]);
                }
            }
        } 
        return $whois_data;
}
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
pauldr
Forum Newbie
Posts: 18
Joined: Fri Apr 10, 2009 6:40 am

Re: whois function bug

Post by pauldr »

Thank you, I'm testing it now.

Paul
Post Reply