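/**
 * Start a PHP session if one is needed and none is active yet.
 *
 * A session is started in three situations:
 *
 * 1. On the front end, when showing the form
 * 2. When processing an SWFUpload file upload
 * 3. When displaying the form (or fetching the session ID) via Ajax
 *
 * Nothing happens when a session ID is already set or headers have
 * already been sent.
 *
 * @return void
 */
function iphorm_session_start()
{
    if (session_id() || headers_sent()) {
        return;
    }

    if (!is_admin()) {
        // Front end: a session is always needed here.
        $isSwfUpload = isset($_SERVER['REQUEST_METHOD'])
            && $_SERVER['REQUEST_METHOD'] == 'POST'
            && isset($_GET['iphorm_swfupload'])
            && $_GET['iphorm_swfupload'] == 1
            && isset($_POST['PHPSESSID']);

        if ($isSwfUpload) {
            // The SWFUpload request carries the session ID in the POST body,
            // so the value is fully client-controlled. Only hand it to
            // session_id() when it is a string made of the characters and
            // length that the cookie / query-string check in this file also
            // accepts; the D modifier stops "$" from matching before a
            // trailing newline. Arrays and malformed values are ignored, and
            // the request then continues with its own (or a fresh) session.
            // NOTE(review): this is a format check only. It does not bind the
            // supplied ID to the requester, so upload handlers should not
            // treat the resumed session as proof of identity on its own.
            $postedId = $_POST['PHPSESSID'];
            if (is_string($postedId) && preg_match('/^[a-zA-Z0-9,\\-]{22,40}$/D', $postedId)) {
                session_id($postedId);
            }
        }

        iphorm_secure_session_start();
        return;
    }

    // Admin side: only the two Ajax actions below need a session.
    if (defined('DOING_AJAX') && DOING_AJAX === true && isset($_GET['action'])) {
        $action = $_GET['action'];
        if ($action === 'iphorm_show_form_ajax' || $action === 'iphorm_get_session_id_ajax') {
            iphorm_secure_session_start();
        }
    }
}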
$sn = session_name(); if (isset($_COOKIE[$sn])) { $sessid = $_COOKIE[$sn]; } else { if (isset($_GET[$sn])) { $sessid = $_GET[$sn]; } else { return session_start(); } } if (!preg_match('/^[a-zA-Z0-9,\\-]{22,40}$/', $sessid)) { return false; } return session_start(); } iphorm_secure_session_start(); defined('IPHORM_INCLUDES_DIR') || define('IPHORM_INCLUDES_DIR', realpath(dirname(__FILE__))); require_once IPHORM_INCLUDES_DIR . '/JSON.php'; require_once IPHORM_INCLUDES_DIR . '/iPhorm/Captcha.php'; $config = base64_decode(stripslashes($_GET['c'])); $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); $config = $json->decode($config); if (is_array($config) && array_key_exists('options', $config)) { $captchaOptions = $config['options']; if (array_key_exists('length', $captchaOptions)) { $captchaOptions['length'] = abs(intval($captchaOptions['length'])); $captchaOptions['length'] = min($captchaOptions['length'], 32); $captchaOptions['length'] = max($captchaOptions['length'], 2); } else { $captchaOptions['length'] = 5; }