Example #1
    if (!($banlist = @file(CONFIG_PATH . 'bans.ini'))) {
        $banlist = array();
    }
    foreach ($banlist as $banstring) {
        $ban = '/^' . str_replace('*', '(\\d*)', str_replace('.', '\\.', trim($banstring))) . '$/';
        if (preg_match($ban, $ip)) {
            return true;
        }
    }
    return false;
}
////////////////////////////////////////////////////////////////////////////////
// Ban check                                                                  //
////////////////////////////////////////////////////////////////////////////////
// Refuse the request when the client address matches an entry in the ban list.
// REMOTE_ADDR is the address of the directly connected peer. Behind a reverse
// proxy or load balancer that peer is the proxy, so every visitor would share
// one address as far as this check is concerned — TODO confirm the deployment.
if (ifbanned($_SERVER['REMOTE_ADDR'])) {
    // NOTE(review): $this is used here, so this fragment presumably runs inside a
    // method whose start is not visible; confirm $this->user is already populated
    // at this point, because the user-classes include only follows further down.
    rcms_log_put('Notification', $this->user['username'], 'Attempt to access from banned IP');
    // The response tells the client it is banned and stops all further processing.
    die('You are banned from this site');
}
// UMASK Must be 000!
// NOTE(review): umask(0) masks off no permission bits, so every file or directory
// created later in the request gets exactly the mode the creating call asks for
// (the usual defaults are 0666 for files and 0777 for directories). On a shared
// host that makes configuration, user and log data writable by other local
// accounts unless each creating call passes an explicit, tighter mode. If the
// requirement comes from the web server and the file owner being different
// accounts, a group-based setup (e.g. umask 002/007) is the narrower alternative —
// confirm against the code that creates files.
umask(00);
////////////////////////////////////////////////////////////////////////////////
// Loading system libraries                                                   //
////////////////////////////////////////////////////////////////////////////////
include_once SYSTEM_MODULES_PATH . 'filesystem.php';
include_once SYSTEM_MODULES_PATH . 'etc.php';
include_once SYSTEM_MODULES_PATH . 'templates.php';
include_once SYSTEM_MODULES_PATH . 'user-classes.php';
include_once SYSTEM_MODULES_PATH . 'tar.php';
include_once SYSTEM_MODULES_PATH . 'system.php';
include_once SYSTEM_MODULES_PATH . 'compatibility.php';
include_once SYSTEM_MODULES_PATH . 'formsgen.php';
Example #2
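 /**
  * Records a suspected attack in the site log under the 'Hack attempt' category.
  *
  * The entry is attributed to the current user and lists the client address,
  * request URI, referer and user agent, one "Label: value" pair per line.
  *
  * Everything except the address is chosen by the client, so each value is
  * reduced to a single line before it is written; otherwise a crafted request
  * value could add lines that read like separate fields or entries. The values
  * are not HTML-escaped here: whatever displays the log has to escape them for
  * its own output context.
  *
  * @return void
  */
 function logattack()
 {
     global $system;
     // Label => $_SERVER key, in the order the fields appear in the log entry.
     $fields = array(
         'Remote address' => 'REMOTE_ADDR',
         'Suspected URI' => 'REQUEST_URI',
         'Suspected referer' => 'HTTP_REFERER',
         'User agent' => 'HTTP_USER_AGENT',
     );
     $details = '';
     foreach ($fields as $label => $key) {
         // Referer and User-Agent are optional request headers; a missing one is
         // logged as an empty value instead of raising an undefined-index notice.
         $value = isset($_SERVER[$key]) ? (string) $_SERVER[$key] : '';
         // Keep each field on one line so the "\n" separators stay trustworthy.
         $value = str_replace(array("\r", "\n", "\0"), ' ', $value);
         $details .= $label . ': ' . $value . "\n";
     }
     rcms_log_put('Hack attempt', $system->user['username'], $details);
 }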
Example #3
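 /**
  * Reports the last MySQL error, either on the page or in the site log.
  *
  * Error numbers 1062, 1065 and 1191 are ignored. For any other error:
  *  - when DEBUG is 1 or $show is 1, the error number, the server's message and
  *    (if given) the failing query are printed into the page;
  *  - otherwise the visitor sees a generic message and the details are written
  *    to the log through rcms_log_put().
  *
  * The on-page branch discloses SQL text and server error text to whoever is
  * viewing the page, so DEBUG and $show = 1 belong to development or to
  * administrator-only screens. Both strings can carry request data, so they are
  * HTML-escaped before printing; unescaped, a value containing markup or
  * "</textarea>" would be rendered as part of the page.
  *
  * NOTE(review): the mysql_* functions used here were removed in PHP 7; this
  * block only runs on PHP 5.x or with a compatibility layer.
  *
  * @param int    $show  1 forces the on-page report even when DEBUG is off
  * @param string $query the SQL statement that failed, if available
  * @return void
  */
 function db_error($show = 0, $query = '')
 {
     global $system;
     $errno = mysql_errno();
     if (in_array($errno, array(1062, 1065, 1191))) {
         return;
     }
     $error = mysql_error();
     if (DEBUG == 1 || $show == 1) {
         // ISO-8859-1 is passed on purpose: htmlspecialchars() then escapes the
         // five ASCII metacharacters byte-wise and never returns an empty string
         // because the text is in some other (ASCII-compatible) site encoding.
         $warning = '<br><b>' . 'MySQL Error' . ':</b><br><i>';
         $warning .= $errno . ' : ' . htmlspecialchars($error, ENT_QUOTES, 'ISO-8859-1');
         if (!empty($query)) {
             $warning .= '<br>In query: <textarea cols="50" rows="7">' . htmlspecialchars($query, ENT_QUOTES, 'ISO-8859-1') . '</textarea>';
         }
         $warning .= '</i>';
         // The original "print $warning or print $warning" could never reach its
         // second print, because print always returns 1.
         print $warning;
         return;
     }
     print 'An error occured. Please, try again later. Thank You !';
     // Start from a defined value; the original appended to an unset variable.
     $message = $errno . ':' . $error . "\r\n";
     $message .= empty($query) ? '' : "In query: \r\n" . $query . "\r\n";
     rcms_log_put('MySQL error', $system->user['username'], $message);
 }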
Example #4
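 /**
  * Resets a user's password to a random value and mails it to the profile's address.
  *
  * Flow: load the profile, require $email to equal the stored e-mail, enforce
  * the 'pr_flood' interval, send the new password by mail and, only if the mail
  * was accepted, store its hash. The outcome text for the caller is left in
  * $this->results['passrec'].
  *
  * Changed in this version: the e-mail check is a strict string comparison and
  * rejects a non-string or empty $email. With the loose "!=" an empty input
  * compared equal to a profile that has no e-mail stored.
  *
  * Review notes on behaviour that is kept as it was:
  *  - The stored value is an unsalted MD5 hash. Moving to password_hash() /
  *    password_verify() needs a matching change in the login code, which is not
  *    visible here.
  *  - The new password is sent in clear text and becomes active without the
  *    account owner confirming anything, so knowing a username/e-mail pair is
  *    enough to force a reset. A single-use, expiring confirmation link avoids
  *    both problems.
  *  - "Cannot open profile" and the e-mail mismatch message differ, which tells
  *    the caller whether a username exists.
  *  - A throttled request refreshes last_prr, so repeated requests keep the
  *    flood window open for the legitimate owner as well.
  *  - rcms_random_string() is defined elsewhere; confirm it draws from a
  *    cryptographically secure source, since 8 characters is the whole secret.
  *
  * @param string $username account whose password is to be reset
  * @param string $email    address that must equal the one stored in the profile
  * @return bool true when the mail was sent and the new hash was saved
  */
 function recoverPassword($username, $email)
 {
     if (!($data = $this->getUserData($username))) {
         $this->results['passrec'] = __('Cannot open profile');
         return false;
     }
     // Strict comparison on strings only; an empty address never matches.
     $stored_email = isset($data['email']) ? (string) $data['email'] : '';
     if (!is_string($email) || $email === '' || $email !== $stored_email) {
         $this->results['passrec'] = __('Your e-mail doesn\'t match e-mail in profile');
         return false;
     }
     $new_password = rcms_random_string(8);
     $site_url = parse_url($this->url);
     $time = time();
     // Flood control: refuse when the previous request is newer than 'pr_flood' seconds.
     if (!empty($data['last_prr']) && !empty($this->config['pr_flood']) && (int) $time <= (int) $data['last_prr'] + (int) $this->config['pr_flood']) {
         $this->results['passrec'] = __('Too many requests in limited period of time. Try later.');
         // The refused attempt itself restarts the waiting period.
         $data['last_prr'] = time();
         if (!$this->save_user($username, $data)) {
             $this->results['passrec'] .= '<br />' . __('Cannot save profile');
         }
         rcms_log_put(__('Notification'), $this->user['username'], 'Attempted to recover password for ' . $username);
         return false;
     }
     // The sender host comes from the site's own configured URL, not from the request.
     if (rcms_send_mail($email, 'no_reply@' . $site_url['host'], __('Password'), $this->config['encoding'], __('Your new password at') . ' ' . $site_url['host'], __('Your username at') . ' ' . $site_url['host'] . ': ' . $username . "\r\n" . __('Your new password at') . ' ' . $site_url['host'] . ': ' . $new_password)) {
         // NOTE(review): unsalted MD5, kept only because the login check is outside this block.
         $data['password'] = md5($new_password);
         $data['last_prr'] = $time;
         // If this save fails, the user has already been mailed a password that does not work.
         if (!$this->save_user($username, $data)) {
             $this->results['passrec'] = __('Cannot save profile');
             return false;
         }
         $this->results['passrec'] = __('New password has been sent to your e-mail');
         rcms_log_put(__('Notification'), $this->user['username'], 'Recovered password for ' . $username);
         return true;
     } else {
         // Nothing was changed in this branch: the old password is still valid,
         // although the log text below says "Recovered".
         rcms_log_put(__('Notification'), $this->user['username'], 'Recovered password for ' . $username . '" (BUT E-MAIL WAS NOT SENT)');
         $this->results['passrec'] = __('Cannot send e-mail');
         return false;
     }
 }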