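/**
 * Confirm that the form submission flagged by request variable $var is a
 * genuine POST from this site before the caller acts on it.
 *
 * Returns FALSE when $var is not present in the request (nothing was
 * submitted). Returns TRUE when the anti-forgery checks pass. Any other
 * outcome ends the request through showmessage() / exit(), so the caller
 * only ever sees TRUE or FALSE.
 *
 * Fixes relative to the previous revision:
 *  - the formhash token is compared with hash_equals() instead of a loose
 *    `==` (type-juggling on numeric-looking tokens, non-constant time);
 *  - the phone_reg ("iOS reg") path previously only required that *some*
 *    formhash value be present, never that it be correct, which left that
 *    path open to cross-site request forgery; it now validates the token
 *    like every other POST. NOTE(review): confirm the mobile client sends
 *    the formhash it was issued.
 *
 * @param string $var          request variable whose presence marks the submit
 * @param int    $allowget     non-zero: skip the POST/formhash/referer checks
 *                             (caller deliberately accepts GET submissions)
 * @param int    $seccodecheck non-zero: also verify the captcha (seccode)
 * @param int    $secqaacheck  non-zero: also verify the security question
 * @return bool
 */
public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
    if (!getgpc($var)) {
        return FALSE;
    }

    $isPost = $_SERVER['REQUEST_METHOD'] == 'POST';
    $noFlash = empty($_SERVER['HTTP_X_FLASH_VERSION']);

    // Anti-CSRF token: must be a non-empty string identical to the one issued
    // for this session. hash_equals() keeps the comparison strict and
    // timing-neutral; the original `==` was neither.
    $formhash = isset($_GET['formhash']) ? $_GET['formhash'] : '';
    $formhashValid = is_string($formhash) && $formhash !== ''
        && hash_equals((string) formhash(), $formhash);

    // When a referer is sent at all, its host must equal our own host. An
    // absent referer is tolerated, as before.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $ownHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $refererOk = $referer === ''
        || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $referer)
            === preg_replace("/([^\\:]+).*/", "\\1", $ownHost);

    if ($allowget || ($isPost && $formhashValid && $noFlash && $refererOk)) {
        // Captcha / security question apply to ordinary submits only; the
        // phone registration form has neither.
        if (empty($_GET['phone_reg']) && checkperm('seccode')) {
            if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['sechash'])) {
                showmessage('submit_secqaa_invalid');
            }
            if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['sechash'])) {
                showmessage('submit_seccode_invalid');
            }
        }
        return TRUE;
    }

    // For ios reg (heavenK): the mobile client posts without a referer, so the
    // host check is skipped for it; the token check is not.
    if ($isPost && $formhashValid && !empty($_GET['phone_reg']) && $noFlash && $referer === '') {
        return TRUE;
    }

    // add by zh: the SMS entry point expects a bare text reply, not a page.
    if (isset($_GET['mod']) && $_GET['mod'] == 'sms' && isset($_GET['flag']) && $_GET['flag'] == 1) {
        exit(lang('message', 'submit_invalid'));
    }
    showmessage('submit_invalid');
}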
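/**
 * Confirm that the form submission flagged by request variable $var is a
 * genuine POST from this site (or from a trusted WSQ mobile front-end)
 * before the caller acts on it.
 *
 * Returns FALSE when $var is not present in the request (nothing was
 * submitted). Returns TRUE when the anti-forgery checks pass. Otherwise the
 * request ends in showmessage(), so the caller only sees TRUE or FALSE.
 *
 * Fixes relative to the previous revision:
 *  - the formhash token is compared with hash_equals() instead of a loose
 *    `==` (type-juggling on numeric-looking tokens, non-constant time);
 *  - the WSQ referer allowlist compares the parsed referer host exactly.
 *    The previous strncmp() prefix test accepted any referer that merely
 *    *started* with the trusted URL, so it was not an allowlist at all.
 *    The host match is scheme-independent (https referers from the trusted
 *    hosts are accepted as well).
 *
 * @param string $var          request variable whose presence marks the submit
 * @param int    $allowget     non-zero: skip the POST/formhash/referer checks
 *                             (caller deliberately accepts GET submissions)
 * @param int    $seccodecheck non-zero: also verify the captcha (seccode)
 * @param int    $secqaacheck  non-zero: also verify the security question
 * @return bool
 */
public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
    if (!getgpc($var)) {
        return FALSE;
    }

    $isPost = $_SERVER['REQUEST_METHOD'] == 'POST';
    $noFlash = empty($_SERVER['HTTP_X_FLASH_VERSION']);

    // Anti-CSRF token: must be a non-empty string identical to the one issued
    // for this session.
    $formhash = isset($_GET['formhash']) ? $_GET['formhash'] : '';
    $formhashValid = is_string($formhash) && $formhash !== ''
        && hash_equals((string) formhash(), $formhash);

    // Referer policy: absent is tolerated; otherwise the host must be one of
    // the trusted WSQ front-ends or our own host.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $ownHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $refererHost = $referer === '' ? '' : (string) parse_url($referer, PHP_URL_HOST);
    $trustedReferer = in_array($refererHost, ['wsq.discuz.qq.com', 'm.wsq.qq.com'], true);
    $refererOk = $referer === ''
        || $trustedReferer
        || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $referer)
            === preg_replace("/([^\\:]+).*/", "\\1", $ownHost);

    if ($allowget || ($isPost && $formhashValid && $noFlash && $refererOk)) {
        if (checkperm('seccode')) {
            if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['secqaahash'])) {
                showmessage('submit_secqaa_invalid');
            }
            if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['seccodehash'], 0, $_GET['seccodemodid'])) {
                showmessage('submit_seccode_invalid');
            }
        }
        return TRUE;
    }

    showmessage('submit_invalid');
}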
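/**
 * Confirm that the form submission flagged by request variable $var is a
 * genuine POST from this site before the caller acts on it.
 *
 * Returns FALSE when $var is not present in the request (nothing was
 * submitted). Returns TRUE when the anti-forgery checks pass. Otherwise the
 * request ends in showmessage(), so the caller only sees TRUE or FALSE.
 *
 * Fix relative to the previous revision: the formhash token is compared with
 * hash_equals() instead of a loose `==`, which is type-juggling-prone on
 * numeric-looking tokens and not constant-time.
 *
 * @param string $var          request variable whose presence marks the submit
 * @param int    $allowget     non-zero: skip the POST/formhash/referer checks
 *                             (caller deliberately accepts GET submissions)
 * @param int    $seccodecheck non-zero: also verify the captcha (seccode)
 * @param int    $secqaacheck  non-zero: also verify the security question
 * @return bool
 */
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
    if (!getgpc($var)) {
        return FALSE;
    }
    global $_G;

    $isPost = $_SERVER['REQUEST_METHOD'] == 'POST';
    $noFlash = empty($_SERVER['HTTP_X_FLASH_VERSION']);

    // Anti-CSRF token (already copied into $_G by the request bootstrap):
    // must be a non-empty string identical to the one issued for this session.
    $formhash = isset($_G['formhash']) ? $_G['formhash'] : '';
    $formhashValid = is_string($formhash) && $formhash !== ''
        && hash_equals((string) formhash(), $formhash);

    // When a referer is sent at all, its host must equal our own host. An
    // absent referer is tolerated, as before.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $ownHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $refererOk = $referer === ''
        || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $referer)
            === preg_replace("/([^\\:]+).*/", "\\1", $ownHost);

    if ($allowget || ($isPost && $formhashValid && $noFlash && $refererOk)) {
        if (checkperm('seccode')) {
            if ($secqaacheck && !check_secqaa($_G['gp_secanswer'], $_G['gp_sechash'])) {
                showmessage('submit_secqaa_invalid');
            }
            if ($seccodecheck && !check_seccode($_G['gp_seccodeverify'], $_G['gp_sechash'])) {
                showmessage('submit_seccode_invalid');
            }
        }
        return TRUE;
    }

    showmessage('submit_invalid');
}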
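<?php

/**
 * [Discuz!] (C)2001-2099 Comsenz Inc.
 * This is NOT a freeware, use is subject to license terms
 *
 * $Id: misc_secqaa.php 10395 2010-05-11 04:48:31Z monkey $
 *
 * AJAX endpoint for the security question (secqaa):
 *   action=update  renders a fresh question for the given idhash
 *   action=check   answers 'succeed' / 'invalid' for a submitted answer
 */

if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}

require_once libfile('function/seccode');

$action = isset($_G['gp_action']) ? $_G['gp_action'] : '';

if ($action === 'update') {
    // Only hand out a new question to pages served from our own host: the
    // referer host (with its explicit port, if any) must equal HTTP_HOST.
    // A missing or unparsable referer is denied outright rather than
    // tripping undefined-index notices and comparing an empty host.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $refererhost = $referer === '' ? false : parse_url($referer);
    if (!is_array($refererhost) || empty($refererhost['host'])) {
        exit('Access Denied');
    }
    $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : '';
    $ownhost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if ($refererhost['host'] !== $ownhost) {
        exit('Access Denied');
    }

    $message = '';
    // $question stays empty when the secqaa feature is disabled so the tips
    // text is still emitted without an undefined-variable notice.
    $question = '';
    if ($_G['setting']['secqaa']) {
        $question = make_secqaa($_G['gp_idhash']);
    }
    include template('common/header_ajax');
    echo lang('core', 'secqaa_tips') . $question;
    include template('common/footer_ajax');
} elseif ($action === 'check') {
    include template('common/header_ajax');
    echo check_secqaa($_G['gp_secverify'], $_G['gp_idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');
}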
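<?php

/**
 * [Discuz!] (C)2001-2099 Comsenz Inc.
 * This is NOT a freeware, use is subject to license terms
 *
 * $Id: misc_secqaa.php 25246 2011-11-02 03:34:53Z zhangguosheng $
 *
 * AJAX endpoint for the security question (secqaa):
 *   action=update  renders a fresh question for the given idhash
 *   action=check   answers 'succeed' / 'invalid' for a submitted answer
 */

if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}

require_once libfile('function/seccode');

$action = isset($_GET['action']) ? $_GET['action'] : '';

if ($action === 'update') {
    // Only hand out a new question to pages served from our own host: the
    // referer host (with its explicit port, if any) must equal HTTP_HOST.
    // A missing or unparsable referer is denied outright rather than
    // tripping undefined-index notices and comparing an empty host.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $refererhost = $referer === '' ? false : parse_url($referer);
    if (!is_array($refererhost) || empty($refererhost['host'])) {
        exit('Access Denied');
    }
    $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : '';
    $ownhost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if ($refererhost['host'] !== $ownhost) {
        exit('Access Denied');
    }

    $message = '';
    // $question stays empty when the secqaa feature is disabled so the tips
    // text is still emitted without an undefined-variable notice.
    $question = '';
    if ($_G['setting']['secqaa']) {
        $question = make_secqaa($_GET['idhash']);
    }
    include template('common/header_ajax');
    echo lang('core', 'secqaa_tips') . $question;
    include template('common/footer_ajax');
} elseif ($action === 'check') {
    include template('common/header_ajax');
    echo check_secqaa($_GET['secverify'], $_GET['idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');
}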