function DetectAttacks($a_fields)
{
    // Run the configured abuse detectors over the submitted fields. If one of
    // them fires, optionally alert the site owner, then either redirect to the
    // configured attack URL or render the attack page, and stop the request so
    // the form is never processed.
    //
    // $a_fields: the submitted form fields, handed unchanged to every detector.
    // Returns nothing; when an attack is detected the script exits.
    global $ATTACK_DETECTION_DUPS, $ATTACK_DETECTION_REVERSE_CAPTCHA, $SERVER;

    // Each detector fills these in by reference when it matches.
    $s_attack = "";
    $s_info = "";
    $s_user_info = "";

    // Detectors are consulted in a fixed order and, apart from the junk
    // detector further down, each one is skipped once an earlier one matched.
    $b_hit = ATTACK_DETECTION_MIME
        && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info);
    $b_hit = $b_hit
        || (!empty($ATTACK_DETECTION_DUPS)
            && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info));
    $b_hit = $b_hit
        || (ATTACK_DETECTION_SPECIALS
            && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info));
    $b_hit = $b_hit
        || ((ATTACK_DETECTION_MANY_URLS || ATTACK_DETECTION_MANY_URL_FIELDS)
            && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info));

    // The junk detector runs even after an earlier match, so its attack/info
    // strings replace whatever was recorded before it.
    if (ATTACK_DETECTION_JUNK
        && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }

    $b_hit = $b_hit
        || (!empty($ATTACK_DETECTION_REVERSE_CAPTCHA)
            && DetectRevCaptchaAttack($ATTACK_DETECTION_REVERSE_CAPTCHA, $a_fields, $s_attack, $s_info, $s_user_info));

    if (!$b_hit) {
        return;
    }

    if (ALERT_ON_ATTACK_DETECTION) {
        $a_subst = array("ATTACK" => $s_attack, "INFO" => $s_info);
        SendAlert(GetMessage(MSG_ATTACK_DETECTED, $a_subst), false);
    }

    // AJAX callers cannot follow a redirect, so they always get the page.
    if (IsAjax() || ATTACK_DETECTION_URL === "") {
        // NOTE(review): $s_user_info is detector-supplied text that ends up in
        // the generated page; whether GetMessage/CreatePage escape it is not
        // visible here — confirm before trusting it with request-derived data.
        $a_subst = array("SERVER" => $SERVER, "USERINFO" => $s_user_info);
        CreatePage(GetMessage(MSG_ATTACK_PAGE, $a_subst), GetMessage(MSG_FORM_ERROR));
    } else {
        Redirect(ATTACK_DETECTION_URL, GetMessage(MSG_FORM_ERROR));
    }

    // Terminate so the submission is never mailed or saved.
    exit;
}
function DetectAttacks($a_fields)
{
    // Run the abuse detectors enabled in Settings over the submitted fields.
    // On a match: call the optional FMHookAttacked hook, optionally alert the
    // site owner, then redirect to the configured attack URL or render the
    // attack page, and stop the request so the form is never processed.
    //
    // $a_fields: the submitted form fields, handed unchanged to every detector.
    // Returns nothing; when an attack is detected the script exits.
    global $SERVER;

    // Each detector fills these in by reference when it matches.
    $s_attack = "";
    $s_info = "";
    $s_user_info = "";

    // Detectors are consulted in a fixed order and, apart from the junk
    // detector further down, each one is skipped once an earlier one matched.
    $b_hit = Settings::get('ATTACK_DETECTION_MIME')
        && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info);
    $b_hit = $b_hit
        || (!Settings::isEmpty('ATTACK_DETECTION_DUPS')
            && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info));
    $b_hit = $b_hit
        || (Settings::get('ATTACK_DETECTION_SPECIALS')
            && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info));
    $b_hit = $b_hit
        || ((Settings::get('ATTACK_DETECTION_MANY_URLS') || Settings::get('ATTACK_DETECTION_MANY_URL_FIELDS'))
            && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info));

    // The junk detector runs even after an earlier match, so its attack/info
    // strings replace whatever was recorded before it.
    if (Settings::get('ATTACK_DETECTION_JUNK')
        && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }

    $b_hit = $b_hit
        || (!Settings::isEmpty('ATTACK_DETECTION_REVERSE_CAPTCHA')
            && DetectRevCaptchaAttack(Settings::get('ATTACK_DETECTION_REVERSE_CAPTCHA'), $a_fields, $s_attack, $s_info, $s_user_info));

    if (!$b_hit) {
        return;
    }

    // Site hook; it currently receives an empty string, the intent (per the
    // original inline comment) being to pass the attack type in future.
    if (function_exists('FMHookAttacked')) {
        FMHookAttacked('');
    }

    if (Settings::get('ALERT_ON_ATTACK_DETECTION')) {
        $a_subst = array("ATTACK" => $s_attack, "INFO" => $s_info);
        SendAlert(GetMessage(MSG_ATTACK_DETECTED, $a_subst), false);
    }

    // AJAX callers cannot follow a redirect, so they always get the page.
    if (!IsAjax() && ($s_url = Settings::get('ATTACK_DETECTION_URL')) !== "") {
        Redirect($s_url, GetMessage(MSG_FORM_ERROR));
    } else {
        // NOTE(review): $s_user_info is detector-supplied text that ends up in
        // the generated page; whether GetMessage/CreatePage escape it is not
        // visible here — confirm before trusting it with request-derived data.
        $a_subst = array("SERVER" => $SERVER, "USERINFO" => $s_user_info);
        CreatePage(GetMessage(MSG_ATTACK_PAGE, $a_subst), GetMessage(MSG_FORM_ERROR));
    }

    // Terminate so the submission is never mailed or saved.
    exit;
}
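<?php
# TO DEBUG THE APP
# change this to 'on' (default: 'off')
#
# Kept at the documented default: with display_errors on, PHP warnings and
# notices (including file paths) are rendered to every visitor. Turn it on
# locally only, and log errors instead on a deployed install.
ini_set('display_errors', 'off');

# Include vital runtime files. require (not include) so that a missing hub
# aborts here with a clear error rather than later on an undefined
# CreatePage() call.
require 'includes/hub.php';

$template['path'] = 'templates/zpanelv3';

# SECURITY NOTE(review): the string returned by CreatePage() is executed as
# PHP via eval(). Anything that can influence a template body, or
# $template['path'], therefore gets code execution; confirm that the template
# directory is not writable by the web server user and that no request data
# flows into CreatePage() unescaped.
echo eval(CreatePage());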
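function ShowError($error_code, $error_mesg, $b_user_error, $b_alerted = false, $a_item_list = array(), $s_extra_info = "")
{
    // Report a form-processing error to the visitor. Three outputs are tried
    // in order: redirect to the form's "bad_url" (error details carried in the
    // URL, or only in the session when PUT_DATA_IN_URL is false), render the
    // form's "bad_template" with the details substituted in, or fall back to a
    // plain generated page.
    //
    // $error_code    short code identifying the error
    // $error_mesg    human-readable message
    // $b_user_error  true when the visitor caused the error (message shown as
    //                is); false for internal errors (an apology is shown)
    // $b_alerted     whether the site owner has already been alerted
    // $a_item_list   items (e.g. field names) the error relates to
    // $s_extra_info  additional detail appended to the message
    // Returns nothing. Depending on the branch taken this redirects, renders a
    // template, or generates a page and then clears the session.
    global $SPECIAL_FIELDS, $SPECIAL_MULTI, $SPECIAL_VALUES, $aSessionVars, $aStrippedFormVars;

    // Escaping for every value substituted into bad_template. ENT_QUOTES also
    // escapes single quotes, so a value placed inside a single-quoted HTML
    // attribute cannot break out of it (the previous bare htmlspecialchars()
    // call left them untouched); ENT_SUBSTITUTE keeps an invalid byte sequence
    // from silently blanking the whole message.
    $i_esc_flags = ENT_QUOTES | ENT_SUBSTITUTE;

    //
    // Testing with PHP 4.0.6 indicates that sessions don't always work.
    // So, we'll also add the error to the URL, unless
    // PUT_DATA_IN_URL is false.
    //
    $aSessionVars["FormError"] = $error_mesg;
    $aSessionVars["FormErrorInfo"] = $s_extra_info;
    $aSessionVars["FormErrorCode"] = $error_code;
    $aSessionVars["FormErrorItems"] = $a_item_list;
    $aSessionVars["FormIsUserError"] = $b_user_error;
    $aSessionVars["FormAlerted"] = $b_alerted;
    $aSessionVars["FormData"] = array();

    // NOTE(review): these appear to originate from the submitted form (they
    // are "special" fields). Their validation is not visible here: confirm
    // that bad_url is restricted to known locations (otherwise this is an
    // open redirect) and that ShowTemplate() confines bad_template to the
    // template directory.
    $bad_url = $SPECIAL_VALUES["bad_url"];
    $bad_template = $SPECIAL_VALUES["bad_template"];
    $this_form = $SPECIAL_VALUES["this_form"];

    if (!empty($bad_url)) {
        $a_params = array();
        $a_params[] = "this_form=" . urlencode("{$this_form}");
        $a_params[] = "bad_template=" . urlencode("{$bad_template}");
        if (PUT_DATA_IN_URL) {
            // Error details travel in the query string so the target page
            // works even when the session is unavailable. This does expose
            // them to proxy/server logs and Referer headers.
            $a_params[] = "error=" . urlencode("{$error_mesg}");
            $a_params[] = "extra=" . urlencode("{$s_extra_info}");
            $a_params[] = "errcode=" . urlencode("{$error_code}");
            $a_params[] = "isusererror=" . ($b_user_error ? "1" : "0");
            $a_params[] = "alerted=" . ($b_alerted ? "1" : "0");
            $i_count = 1;
            foreach ($a_item_list as $s_item) {
                $a_params[] = "erroritem{$i_count}=" . urlencode("{$s_item}");
                $i_count++;
            }
        } else {
            //
            // tell the bad_url to look in the session only
            //
            $a_params[] = "insession=1";
        }

        //
        // Add the posted data to the URL so that an intelligent
        // $bad_url can call the form again
        //
        foreach ($aStrippedFormVars as $s_name => $m_value) {
            //
            // skip special fields: exact names listed in $SPECIAL_FIELDS, or
            // a $SPECIAL_MULTI prefix followed by a positive index ("xxx1")
            //
            $b_special = in_array($s_name, $SPECIAL_FIELDS);
            if (!$b_special) {
                foreach ($SPECIAL_MULTI as $s_multi_fld) {
                    $i_len = strlen($s_multi_fld);
                    if (substr($s_name, 0, $i_len) == $s_multi_fld
                        && (int) substr($s_name, $i_len) > 0) {
                        $b_special = true;
                        break;
                    }
                }
            }
            if ($b_special) {
                continue;
            }

            if (PUT_DATA_IN_URL) {
                if (is_array($m_value)) {
                    foreach ($m_value as $s_value) {
                        // Nested arrays cannot be carried in the URL and would
                        // make substr() fail; drop them rather than abort the
                        // error page.
                        if (!is_scalar($s_value)) {
                            continue;
                        }
                        $a_params[] = "{$s_name}" . '[]=' . urlencode(substr($s_value, 0, MAXSTRING));
                    }
                } else {
                    $a_params[] = "{$s_name}=" . urlencode(substr($m_value, 0, MAXSTRING));
                }
            } elseif (is_array($m_value)) {
                $aSessionVars["FormData"]["{$s_name}"] = $m_value;
            } else {
                $aSessionVars["FormData"]["{$s_name}"] = substr($m_value, 0, MAXSTRING);
            }
        }

        $bad_url = AddURLParams($bad_url, $a_params, false);
        Redirect($bad_url);
        return;
    }

    if (!empty($bad_template)) {
        $s_mesg_esc = htmlspecialchars("{$error_mesg}", $i_esc_flags, 'UTF-8');
        $s_extra_esc = htmlspecialchars("{$s_extra_info}", $i_esc_flags, 'UTF-8');
        $a_specs = array(
            "fmerror" => $s_mesg_esc,
            "fmerrorcode" => htmlspecialchars("{$error_code}", $i_esc_flags, 'UTF-8'),
            "fmfullerror" => $s_mesg_esc . "\n" . $s_extra_esc,
            "fmerrorextra" => $s_extra_esc,
        );

        // One pass builds both the numbered fmerroritemN specs and the
        // <li> list used by fmerroritemlist.
        $s_list = "";
        $i_count = 1;
        foreach ($a_item_list as $s_item) {
            $s_item_esc = htmlspecialchars($s_item, $i_esc_flags, 'UTF-8');
            $a_specs["fmerroritem{$i_count}"] = $s_item_esc;
            $s_list .= "<li>" . $s_item_esc . "</li>\n";
            $i_count++;
        }
        $a_specs["fmerroritemlist"] = $s_list;

        if (ShowTemplate($bad_template, $a_specs)) {
            return;
        }
        // The template could not be shown: fall through to the plain page.
    }

    $s_text = GetMessage(MSG_ERROR_PROC);
    if ($b_user_error) {
        // NOTE(review): the message and extra info are appended unescaped;
        // whether this is safe depends on CreatePage() escaping or emitting
        // text, which is not visible here — confirm.
        $s_text .= $error_mesg . "\n" . $s_extra_info;
    } else {
        $s_text .= GetMessage($b_alerted ? MSG_ALERT_DONE : MSG_PLS_CONTACT);
        $s_text .= GetMessage(MSG_APOLOGY);
    }
    CreatePage($s_text);

    //
    // the session data is not needed now
    //
    ZapSession();
}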
function DetectAttacks($a_fields)
{
    // Run the enabled abuse detectors over the submitted fields. If one of
    // them matches, optionally alert the site owner, then redirect to the
    // configured attack URL or render the attack page, and stop the request
    // so the form is never processed.
    //
    // $a_fields: the submitted form fields, handed unchanged to every detector.
    // Returns nothing; when an attack is detected the script exits.
    global $ATTACK_DETECTION_DUPS;

    // Filled in by reference by the detector that matches.
    $s_attack = "";
    $s_info = "";

    // Detectors are consulted in a fixed order; the first match wins and the
    // remaining detectors are not called.
    $b_hit = false;
    if (ATTACK_DETECTION_MIME
        && DetectMimeAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }
    if (!$b_hit && !empty($ATTACK_DETECTION_DUPS)
        && DetectDupAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }
    if (!$b_hit && ATTACK_DETECTION_SPECIALS
        && DetectSpecialsAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }
    if (!$b_hit && (ATTACK_DETECTION_MANY_URLS || ATTACK_DETECTION_MANY_URL_FIELDS)
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }

    if (!$b_hit) {
        return;
    }

    if (ALERT_ON_ATTACK_DETECTION) {
        $a_subst = array("ATTACK" => $s_attack, "INFO" => $s_info);
        SendAlert(GetMessage(MSG_ATTACK_DETECTED, $a_subst), false);
    }

    if (ATTACK_DETECTION_URL === "") {
        CreatePage(GetMessage(MSG_ATTACK_PAGE));
    } else {
        Redirect(ATTACK_DETECTION_URL);
    }

    // Terminate so the submission is never mailed or saved.
    exit;
}