if( $ip != -1 && $ip !== FALSE) { return $ip; } #...or hostname? elseif(gethostbyname($address) != $address) { return $address; } } return false; } # Main Code ########### # Get the IP ip oh the host (GET method) if (isset($_GET["ip"]) && checkip($_GET["ip"])) { $ip = $_GET["ip"]; $address = gethostbyname($ip); # (We already sanitize it in "checkip" function) } else { die("Incorrect IP or hostname"); } # Connect to the Cacti DB $link = mysql_connect($database_hostname, $database_username, $database_password) or die("Error while connecting to the DB server"); mysql_select_db($database_default) or die("Could not select database"); # Build and execute the SQL request $query = "SELECT graph_local.id AS local_graph_id, host.id AS host_id, host.hostname AS hostname " ."FROM (graph_local, host) "
<br/> <table class='tlist'> <tr><th><?php __("Type"); ?> </th><th><?php __("IP"); ?> </th><th><?php __("Informations"); ?> </th><th colspan='2' /></tr> <?php foreach ($list_ip as $i) { if (checkip($i['ip'])) { if ($i['subnet'] == 32) { $txt = "Address IPv4"; } else { $txt = "Subnet IPv4"; } } elseif (checkipv6($i['ip'])) { if ($i['subnet'] == 128) { $txt = "Address IPv6"; } else { $txt = "Subnet IPv6"; } } else { $txt = "Unknow IP"; } echo "<tr class='lst'><td>{$txt}</td><td>{$i['ip_human']}</td><td>{$i['infos']}</td>";
include 'config.php'; include 'functions.php'; $page = '<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"/> <title>' . $currency . ' Faucet</title> </head> <body>'; $footer = ' <p>Donate to: ' . $donations . '</p> </body> </html>'; // check if we have paid a request from this ip $wait = checkip(); switch ($wait) { case $wait > 90: die($page . '<p>Please wait ' . round($wait / 60) . ' minutes.</p>' . $footer); break; case $wait > 1: die($page . '<p>Please wait ' . $wait . ' seconds.</p>' . $footer); break; } // check if an address has been submitted, then if it's valid & if we've already paid it if (isset($_POST['a'])) { $address = trim($_POST['a']); $test = test_address($address); switch ($test) { case 0: $pay = payout($address);
/**
 * Build the "register" command document for the Insenz service from the
 * stored profile and forum statistics, send it with insenz_request(), and
 * persist the outcome in the `settings` table.
 *
 * Reads and writes the global $insenz array and overwrites the global
 * $response with the decoded reply.
 *
 * @param int $type 1 sends the full profile and tags the command as
 *                  "register"; any other value sends only username and
 *                  password and tags it as "bind".
 * @return void Ends by calling insenz_cpmsg() on success or insenz_alert()
 *              on failure; neither helper is visible here.
 */
function insenz_register($type)
{
    global $insenz, $db, $tablepre, $_DCACHE, $boardurl, $timestamp, $authkey, $discuz_uid, $discuz_user, $response;

    // Called with no arguments; the helper is defined elsewhere.
    // NOTE(review): presumably an access check on the requesting address - confirm.
    checkip();

    if ($type == 1) {
        // NOTE(review): extract() with its default flags overwrites any variable
        // already in scope, including the names bound by `global` above, and the
        // `@` hides the warning when 'profile' is not an array. Confirm that
        // $insenz['profile'] can only hold the keys listed below.
        @extract($insenz['profile']);
        foreach (array('username', 'password', 'name', 'idcard', 'email1', 'email2', 'qq', 'msn', 'tel1', 'tel2', 'tel3', 'mobile', 'fax1', 'fax2', 'fax3', 'country', 'province', 'city', 'address', 'postcode', 'alipay') as $item) {
            // Variable-variable access: strips slashes from each extracted field.
            ${$item} = stripslashes(${$item});
        }
    } else {
        $username = $insenz['profile']['username'];
        $password = $insenz['profile']['password'];
    }

    // Fall back to fixed defaults when the stored values are not arrays.
    $insenz['notify'] = is_array($insenz['notify']) ? $insenz['notify'] : array(2);
    $insenz['hardadstatus'] = is_array($insenz['hardadstatus']) ? $insenz['hardadstatus'] : array(1, 2, 3, 4, 5);

    // Site-wide counters reported to the service.
    $query = $db->query("SELECT COUNT(*) FROM {$tablepre}members");
    $members = $db->result($query, 0);
    $query = $db->query("SELECT COUNT(*) FROM {$tablepre}members WHERE posts>0");
    $post_members = $db->result($query, 0);
    $query = $db->query("SELECT COUNT(*) FROM {$tablepre}threads WHERE displayorder>='0'");
    $threads = $db->result($query, 0);
    $query = $db->query("SELECT COUNT(*) FROM {$tablepre}posts WHERE invisible='0'");
    $posts = $db->result($query, 0);

    // Window: midnight of the date in $timestamp, back seven days.
    $date = getdate($timestamp);
    $yesterday_end = mktime(0, 0, 0, $date['mon'], $date['mday'], $date['year']);
    $lastweek_start = $yesterday_end - 7 * 86400;
    $lastweek_pertopics = $lastweek_perposts = $forumstats = array();

    // Per-forum counts over the window, divided by 7 and rounded up.
    $query = $db->query("SELECT DISTINCT(fid) AS fid, COUNT(tid) AS topics FROM {$tablepre}threads WHERE dateline BETWEEN {$lastweek_start} AND {$yesterday_end} GROUP BY fid ORDER BY topics DESC");
    while ($p = $db->fetch_array($query)) {
        $lastweek_pertopics[$p['fid']] = ceil($p['topics'] / 7);
    }
    $query = $db->query("SELECT DISTINCT(fid) AS fid, COUNT(pid) AS posts FROM {$tablepre}posts WHERE dateline BETWEEN {$lastweek_start} AND {$yesterday_end} GROUP BY fid ORDER BY posts DESC");
    while ($p = $db->fetch_array($query)) {
        $lastweek_perposts[$p['fid']] = ceil($p['posts'] / 7);
    }

    $query = $db->query("SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.displayorder, f.status, f.simple, ff.description, ff.redirect FROM {$tablepre}forums f LEFT JOIN {$tablepre}forumfields ff ON f.fid=ff.fid");
    while ($forum = $db->fetch_array($query)) {
        $fid = $forum['fid'];
        unset($forum['fid']);
        // A forum with no rows in the window has no entry in the two arrays
        // above; intval() of the missing index yields 0.
        $forum['lastweek_pertopics'] = intval($lastweek_pertopics[$fid]);
        $forum['lastweek_perposts'] = intval($lastweek_perposts[$fid]);
        $forumstats[$fid] = $forum;
    }

    // NOTE(review): only some fields pass through insenz_convert() (its behaviour
    // is not visible here); the password and the remaining profile fields are
    // concatenated into the markup as-is, so a value containing `<` or `&` would
    // change the document structure unless it is escaped upstream - confirm.
    $postdata = '<cmd id="register"><handle>' . insenz_convert($username) . '</handle> <passwd>' . $password . '</passwd>';
    if ($type == 1) {
        $postdata .= '<name>' . insenz_convert($name) . '</name> <idcard>' . $idcard . '</idcard> <tel>' . $tel1 . '-' . $tel2 . '-' . $tel3 . '</tel> <mobile>' . $mobile . '</mobile> <fax>' . $fax1 . '-' . $fax2 . '-' . $fax3 . '</fax> <email>' . $email1 . '</email> <email2>' . $email2 . '</email2> <qq>' . $qq . '</qq> <msn>' . $msn . '</msn> <alipay>' . $alipay . '</alipay> <country>' . $country . '</country> <province>' . $province . '</province> <city>' . $city . '</city> <addr>' . insenz_convert($address) . '</addr> <postcode>' . $postcode . '</postcode>';
    }

    // s_key is the MD5 of the site's $authkey concatenated with a fixed string.
    // NOTE(review): the credentials above and this digest leave the site in the
    // request body; confirm that insenz_request() uses a protected transport.
    $postdata .= '<url>' . $boardurl . '</url> <s_key>' . md5($authkey . 'Discuz!INSENZ') . '</s_key> <bbname>' . insenz_convert($_DCACHE['settings']['bbname']) . '</bbname> <members>' . $members . '</members> <post_members>' . $post_members . '</post_members> <topics>' . $threads . '</topics> <posts>' . $posts . '</posts> <softadstatus>' . intval($insenz['softadstatus']) . '</softadstatus> <notify>' . implode(',', $insenz['notify']) . '</notify> <autoextend>' . intval($insenz['autoextend']) . '</autoextend> <hardadstatus>' . implode(',', $insenz['hardadstatus']) . '</hardadstatus> <relatedadstatus>' . intval($insenz['relatedadstatus']) . '</relatedadstatus> <virtualforumstatus>' . intval($insenz['virtualforumstatus']) . '</virtualforumstatus>';

    // One <board> element per forum row collected above.
    foreach ($forumstats as $fid => $forum) {
        $postdata .= '<board> <board_id>' . $fid . '</board_id> <parent_id>' . $forum['fup'] . '</parent_id> <board_type>' . $forum['type'] . '</board_type> <name>' . insenz_convert($forum['name']) . '</name> <topics>' . $forum['threads'] . '</topics> <posts>' . $forum['posts'] . '</posts> <lastweek_pertopics>' . $forum['lastweek_pertopics'] . '</lastweek_pertopics> <lastweek_perposts>' . $forum['lastweek_perposts'] . '</lastweek_perposts> <description>' . insenz_convert($forum['description']) . '</description> <status>' . $forum['status'] . '</status> <simple>' . $forum['simple'] . '</simple> <redirect>' . insenz_convert($forum['redirect']) . '</redirect> <displayorder>' . $forum['displayorder'] . '</displayorder></board>';
    }
    $postdata .= '<type>' . ($type == 1 ? 'register' : 'bind') . '</type></cmd>';

    // Dropped before the request is sent; set again below on success.
    unset($insenz['siteid']);

    $response = insenz_request($postdata);
    if ($response['status']) {
        // NOTE(review): execution continues past this call unless insenz_alert()
        // terminates the script - confirm.
        insenz_alert($response['data']);
    } else {
        $response = $response['data'];
    }

    $status = $response['response'][0]['status'][0]['VALUE'];
    // `==` is a loose comparison: a missing VALUE (null) also compares equal to 0
    // and takes the success branch, storing whatever authkey/site_id the reply
    // holds. NOTE(review): consider requiring the field to be present.
    if ($status == 0) {
        $insenz['authkey'] = $response['response'][0]['authkey'][0]['VALUE'];
        $insenz['siteid'] = $response['response'][0]['site_id'][0]['VALUE'];
        $insenz['uid'] = $discuz_uid;
        // NOTE(review): $discuz_userss is neither in the `global` list nor assigned
        // in this function, so it is undefined here unless extract() created it;
        // the list declares $discuz_user instead - confirm which was intended.
        $insenz['username'] = $discuz_userss;
        insenz_updatesettings();
        unset($insenz['profile'], $insenz['step']);
        // The whole array, now including the remote authkey, is stored serialized.
        $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('insenz', '" . addslashes(serialize($insenz)) . "')");
        require_once DISCUZ_ROOT . './include/cache.func.php';
        updatecache('settings');
        insenz_cpmsg('insenz_register_succeed');
    } else {
        $response['reason'] = insenz_convert($response['response'][0]['reason'][0]['VALUE'], 0);
        unset($insenz['authkey'], $insenz['siteid']);
        // 'profile' is not removed on this path, so the stored row keeps the
        // submitted password along with the rest of the profile.
        $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('insenz', '" . addslashes(serialize($insenz)) . "')");
        insenz_alert('insenz_register_failed');
    }
}
// check for given newip if (isset($_POST['newip'])) { $ip = $_POST['newip']; } else { if (isset($_GET['newip'])) { $ip = $_GET['newip']; } else { syslog(LOG_WARN, "User {$user} didn't provide any newip"); echo "Error! No newip given.\\”"; exit(0); } } // check for needed variables if (isset($subdomain) && isset($ip) && isset($user)) { // short sanity check for given IP if (preg_match("/^(\\d{1,3}\\.){3}\\d{1,3}\$/", $ip) && checkip($ip) && $ip != "0.0.0.0" && $ip != "255.255.255.255") { // short sanity check for given domain if (preg_match("/^[\\w\\d;-_\\*\\.]+\$/", $subdomain)) { // check whether user is allowed to change domain if (in_array("*", $user_domain[$user]) or in_array($subdomain, $user_domain[$user])) { if ($subdomain != "-") { $subdomain = $subdomain . '.'; } else { $subdomain = ''; } // shell escape all values $subdomain = escapeshellcmd($subdomain); $user = escapeshellcmd($user); $ip = escapeshellcmd($ip); $arrsubdomain = explode("\\;", $subdomain); foreach ($arrsubdomain as $value) {
cpheader(); if (!$isfounder) { cpmsg('noaccess_isfounder'); } require_once DISCUZ_ROOT . './include/insenz.func.php'; @(include_once DISCUZ_ROOT . './discuz_version.php'); require_once DISCUZ_ROOT . './admin/insenz.func.php'; echo '</td></tr></table><script type="text/javascript">var charset=\'' . $charset . '\'</script><div style="padding: 0px 8px 0px 8px;" id="insenz_body">'; $discuz_chs = $insenz_chs = ''; $query = $db->query("SELECT value FROM {$tablepre}settings WHERE variable='insenz'"); $insenz = ($insenz = $db->result($query, 0)) ? unserialize($insenz) : array(); $insenz['host'] = empty($insenz['host']) ? 'api.insenz.com' : $insenz['host']; $insenz['url'] = empty($insenz['url']) ? 'api.insenz.com' : $insenz['url']; if (empty($insenz['authkey']) && !($operation == 'settings' && $do == 'host')) { if (in_array($operation, array('binding', 'register'))) { checkip(); if (empty($agreelicense)) { insenz_shownav('insenz_nav_license'); echo '<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0" class="tableborder"> <tr class="header"><td>' . $lang['insenz_register_license'] . '</td></tr><tr><td><div style="border-style: dotted; border-width: 1px; border-color: #86B9D6; padding: 6px 10px; float: none; overflow: auto; overflow-y: scroll; height:320px; word-break: break-all; background-color: #FFFFFF;" id="license">' . $lang['insenz_loading'] . '</div></td></tr> </table> <br /><div id="licensesubmit" align="center"></div> <script type="text/javascript" src="http://' . $insenz['url'] . '/misc/license.js" charset="utf-8"></script> <script type="text/javascript"> if(typeof license != \'undefined\') { $("license").innerHTML = license; $("licensesubmit").innerHTML = \'<input onclick="window.location=\\\'admincp.php?action=insenz&operation=' . $operation . '&agreelicense=yes\\\'" type="button" class="button" value="' . $lang['insenz_register_agree'] . '"> <input onclick="javascript:history.go(-1);" type="button" class="button" value="' . 
$lang['insenz_register_disagree'] . '">\'; } else { $("license").innerHTML = \'' . $lang['insenz_disconnect'] . '\'; $("licensesubmit").innerHTML = \'<input onclick="javascript:history.go(-1);" type="button" class="button" value="' . $lang['return'] . '">\'; }
if (!defined('SENAYAN_BASE_DIR')) { // main system configuration require '../../../sysconfig.inc.php'; // start the session require SENAYAN_BASE_DIR . 'admin/default/session.inc.php'; } require SENAYAN_BASE_DIR . 'admin/default/session_check.inc.php'; // privileges checking $can_read = utility::havePrivilege('plugins', 'r'); $can_write = utility::havePrivilege('plugins', 'w'); if (!$can_read) { die('<div class="errorBox">You dont have enough privileges to view this section</div>'); } require './func.php'; require './conf.php'; checkip($conf); if (!isset($_SESSION['plugins_enabled'])) { $_SESSION['plugins_enabled'] = array(); } if (!isset($_SESSION['plugins_available'])) { $_SESSION['plugins_available'] = array(); } $enplugins = $_SESSION['plugins_enabled']; $avplugins = $_SESSION['plugins_available']; if ($_POST) { $to_enable = array(); $to_disable = array(); foreach ($_POST as $key => $value) { if (array_key_exists($key, $avplugins) and !array_key_exists($key, $enplugins)) { $to_enable[] = $key; }
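/**
 * Remove an IP address (or an IP class) from the list of addresses allowed
 * to access this server as a slave, then rewrite the SLAVE_FLAG file.
 *
 * @param string $ip Address to remove; it must be accepted by checkip().
 * @return bool false when $ip is rejected or the flag file cannot be opened
 *              (in the second case the row has already been deleted),
 *              true otherwise.
 */
function del_slave_ip($ip)
{
    global $db, $err;

    if (!checkip($ip)) {
        $err->raise("dom", _("The IP address you entered is incorrect"));
        return false;
    }

    // NOTE(review): $ip is interpolated into the statement unchanged, so
    // checkip() is the only thing standing between the caller's string and the
    // SQL text. Confirm that it anchors its pattern and rejects quotes, or
    // escape/bind the value if the $db wrapper supports it.
    $db->query("DELETE FROM slaveip WHERE ip='{$ip}'");

    // The flag file is rewritten after every change. fopen() returns false on
    // failure, and passing that to fputs()/fclose() is an error, so stop here
    // and report it instead.
    $f = fopen(SLAVE_FLAG, "w");
    if ($f === false) {
        $err->raise("dom", _("Unable to write the slave flag file"));
        return false;
    }
    fputs($f, "yopla");
    fclose($f);

    return true;
}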
if ($clients[$user]['password'] != $pass) { echo 'ERR: auth failed'; syslog(LOG_WARNING, 'User "' . $user . '" provided incorrect password'); exit(0); } } $hosts = $clients[$user]['hosts']; // check for given domain if (isset($_POST['host'])) { $host = $_POST['host']; } else { syslog(LOG_WARNING, 'User "' . $user . '" from ' . $post_ip . ' didn\'t provide any domain'); exit(0); } // short sanity check for given IP if (preg_match('/^(\\d{1,3}\\.){3}\\d{1,3}$/', $ip) && checkip($ip) && $ip != '0.0.0.0' && $ip != '255.255.255.255') { // short sanity check for given domain if (preg_match('/^[\\w\\d-_\\*\\.]+$/', $host)) { // check whether user is allowed to change domain if (in_array($host, $hosts)) { // shell escape all values $host = escapeshellcmd($host); $user = escapeshellcmd($user); $ip = escapeshellcmd($ip); // prepare command $data = '<<EOF zone ' . $ZONE . ' update delete ' . $host . '.' . $ZONE . ' A update add ' . $host . '.' . $ZONE . ' 300 A ' . $ip . ' send EOF';
/**
 * Run the three check helpers in a fixed order: checkip() with the supplied
 * configuration, then checken(), then checkref().
 *
 * The helpers are defined elsewhere; this wrapper only fixes the order and
 * passes $conf to the first one. Nothing is returned.
 *
 * @param mixed $conf Configuration value handed to checkip() unchanged.
 */
function checkall($conf)
{
    checkip($conf);
    checken();
    checkref();
}
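/**
 * Save an IP address in the list of authorised IPs.
 *
 * The prefix length, when given, must be made of digits only; anything else
 * is rejected instead of being silently converted to 0. Values above the
 * family maximum (32 for IPv4, 128 for IPv6) are lowered to that maximum.
 *
 * @global m_mysql $db
 * @global m_mem $mem
 * @global int $cuid
 * @param int $id id of the row to modify. If empty or equal to 0, a new
 *                row is inserted
 * @param string $ipsub IP (v4 or v6), optionally with a subnet (/24)
 * @param string $infos Comment for the user
 * @param int $uid If $uid=0 and the caller is super-admin, the row is written
 *                 with uid=0, which corresponds to an always-authorised IP
 * @return boolean FALSE on error, TRUE otherwise
 */
function ip_save($id, $ipsub, $infos, $uid = null)
{
    global $db, $mem;

    // uid 0 is honoured only when the rights check passes; in every other
    // case the row is tied to the global $cuid.
    if ($uid === 0 && $mem->checkRight()) {
        $cuid = 0;
    } else {
        global $cuid;
    }

    $id = intval($id);
    // NOTE(review): mysql_real_escape_string() comes from the ext/mysql
    // extension, which was removed in PHP 7.0; the escaping of $infos depends
    // on that extension and its open connection being available.
    $infos = mysql_real_escape_string($infos);

    // Split "address/prefix"; the prefix part is optional.
    $tmp = explode('/', $ipsub);
    $ip = $tmp[0];

    // $ip reaches the SQL below unescaped, so these two validators are what
    // keeps it safe there.
    $is_v4 = checkip($ip);
    if (!$is_v4 && !checkipv6($ip)) {
        echo "Failed : not an IP address";
        return false;
    }

    $max_subnet = $is_v4 ? 32 : 128;
    if (isset($tmp[1])) {
        // intval() turns "", "abc" or "-1" into 0 or a negative number; a /0
        // entry in an allow-list would presumably match every address, so a
        // malformed prefix is refused rather than stored.
        $prefix = trim($tmp[1]);
        if (!preg_match('/^[0-9]+$/D', $prefix)) {
            echo "Failed : not a valid subnet";
            return false;
        }
        // Cap at the family maximum (the IPv4 cap was already applied before;
        // IPv6 now gets the same treatment).
        $subnet = min(intval($prefix), $max_subnet);
    } else {
        // No prefix given: store a single host.
        $subnet = $max_subnet;
    }

    if ($id) {
        // Update: fire the delete hooks for everything bound to this row,
        // change it, then fire the create hooks again.
        $list_affected = $this->list_affected($id);
        foreach ($list_affected as $k => $v) {
            $this->call_hooks("authip_on_delete", $k);
        }
        // The `uid` condition restricts the update to rows owned by $cuid.
        if (!$db->query("update authorised_ip set ip='{$ip}', subnet='{$subnet}', infos='{$infos}' where id='{$id}' and uid='{$cuid}' ;")) {
            echo "query failed: " . $db->Error;
            return false;
        }
        foreach ($list_affected as $k => $v) {
            $this->call_hooks("authip_on_create", $k);
        }
    } else {
        // Insert
        if (!$db->query("insert into authorised_ip (uid, ip, subnet, infos) values ('{$cuid}', '{$ip}', '{$subnet}', '{$infos}' );")) {
            echo "query failed: " . $db->Error;
            return false;
        }
    }

    return true;
}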
break; case "password": $password = $regs[2]; break; case "host": $host = $regs[2]; break; } } # Then, read specific alternc configuration if (preg_match('/^#alternc_var ([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) { ${$regs}[1] = $regs[2]; } } # Set value of human_host if unset if (!isset($human_hostname) || empty($human_hostname)) { if (checkip($host) || checkipv6($host)) { $human_hostname = gethostbyaddr($host); } else { $human_hostname = $host; } } // populate it if there is not entry $db->query("select * from db_servers;"); if ($db->num_rows() == 0) { $db->query(" insert into db_servers (name, host, login, password, client) values ('" . mysql_escape_string($human_hostname) . "','" . mysql_escape_string($host) . "','" . mysql_escape_string($user) . "','" . mysql_escape_string($password) . "','" . mysql_escape_string($L_MYSQL_CLIENT) . "');"); } // set the membres.db_server_id $db->query(" update membres set db_server_id = (select max(id) from db_servers) where db_server_id is null ;"); // END of db_servers part // +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<?php $top11picks = $_POST['top11']; $write_in = $_POST['write_in']; if ($write_in) { $limit = 3; } else { $limit = 4; } if (empty($top11picks)) { echo "<center><h3>You didn't select any songs, please <a href='top11.php'>go back</a> and try again.</h3><center>"; } elseif (count($top11picks) >= $limit) { echo "<center><h3>You selected more than 3 songs, please <a href='top11.php'>go back</a> and select only 3 songs.</h3><center>"; } else { $ip = $_SERVER['REMOTE_ADDR']; //$ip = "129.0.0.4"; if ($_SERVER['HTTP_REFERER'] == "http://ynotradio.net/addtop11vote.php" || $_SERVER['HTTP_REFERER'] == "http://www.ynotradio.net/addtop11vote.php" || checkip($ip) == "true") { $count = count($top11picks); for ($i = 0; $i < $count; $i++) { addtop11plus1($top11picks[$i]); } if (!get_magic_quotes_gpc()) { $firstname = addslashes($_POST['firstname']); $lastname = addslashes($_POST['lastname']); $email = addslashes($_POST['email']); $phone = addslashes($_POST['phone']); $write_in = addslashes($_POST['write_in']); } $contest = $_POST['contest']; $newsletter = $_POST['newsletter']; if ($write_in) { write_in($write_in);
<?php // configuration include "cfg.php"; include "lib.php"; // check ip of requesting client if (!checkip($_SERVER["REMOTE_ADDR"], $ADMIN_IP)) { logline(1, $_SERVER["REMOTE_ADDR"] . ": Unauthorized access to admin interface from blocked IP"); exit; } // check authorization if ($ADMIN_AUTH_USER && ($_SERVER['PHP_AUTH_USER'] != $ADMIN_AUTH_USER || $_SERVER['PHP_AUTH_PW'] != $ADMIN_AUTH_PASS)) { header("WWW-Authenticate: Basic realm=\"HTTPTunnel Admin\""); header("HTTP/1.0 401 Unauthorized"); id_addaccess($_SERVER["REMOTE_ADDR"]); die('Authorization Required!'); } id_delaccess($_SERVER["REMOTE_ADDR"]); if ($_REQUEST["d_action"] == "log") { set_time_limit(0); ob_implicit_flush(); $size = isset($_REQUEST["size"]) ? $_REQUEST["size"] : 65536; ?> <html> <head> <title>HTTPTunnel Server Log</title> <META HTTP-EQUIV="Expires" CONTENT="Mon, 06 Jan 1990 00:00:01 GMT"> <link type="text/css" rel="StyleSheet" href="common/tab.css" /> <script> function s() { window.scrollBy(0,9999999);
if ($ipsock) { fclose($ipsock); } $ipsock = ''; header("Content-Length: " . strlen($ret)); echo $ret; exit; } // this is for finding out my IP address in load balanced environments if ($_REQUEST["a"] == "ip") { echo $_SERVER["REMOTE_ADDR"]; exit; } include "lib.php"; // check ip of requesting client if (!checkip($_SERVER["REMOTE_ADDR"], $SEC_IP)) { logline(1, $_SERVER["REMOTE_ADDR"] . ": Unauthorized access from blocked IP"); exit; } // start of programm register_shutdown_function("shutdown"); set_time_limit(0); ob_implicit_flush(); $b = checkuser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); if ($b) { header("HTTP/1.0 401 Unauthorized"); header("WWW-Authenticate: Basic realm=\"HTTPTunnel\""); logline(1, $_SERVER["REMOTE_ADDR"] . " authentication failure - {$b}"); id_addaccess($_SERVER["REMOTE_ADDR"]); die($b); }