// ---- tail of ifbanned($ip): the signature and opening of the function sit above this section ----
// NOTE(review): the ban list is read with '@' so a missing or unreadable bans.ini
// silently means "nobody is banned"; an operator cannot tell from the output.
if (!($banlist = @file(CONFIG_PATH . 'bans.ini'))) {
    $banlist = array();
}
foreach ($banlist as $banstring) {
    // One pattern per line, anchored to the whole address. '.' is escaped and '*'
    // becomes a run of digits, i.e. '*' stands for ONE numeric octet, not an
    // arbitrary suffix: a line must spell all four octets ("192.168.*.*"), and
    // "192.168.*" never matches a full IPv4 address. Addresses containing ':' or
    // hex letters (IPv6 literals) cannot match any such pattern.
    // NOTE(review): other regex metacharacters in a line are not quoted
    // (no preg_quote), so a malformed line yields a preg_match warning instead
    // of a clean mismatch.
    $ban = '/^' . str_replace('*', '(\\d*)', str_replace('.', '\\.', trim($banstring))) . '$/';
    if (preg_match($ban, $ip)) {
        return true;
    }
}
return false;
}
////////////////////////////////////////////////////////////////////////////////
// Ban check                                                                  //
////////////////////////////////////////////////////////////////////////////////
// Runs before the system modules below are loaded, so rcms_log_put() must already
// be defined at this point. NOTE(review): $this is used at file scope, which only
// works if this file is included from inside a class method — confirm against the caller.
if (ifbanned($_SERVER['REMOTE_ADDR'])) {
    rcms_log_put('Notification', $this->user['username'], 'Attempt to access from banned IP');
    die('You are banned from this site');
}
// UMASK Must be 000!
// NOTE(review): a 000 umask makes every file and directory the site creates
// world-writable; it is stated as a requirement here, but deserves a second look
// on any host shared with other users.
umask(00);
////////////////////////////////////////////////////////////////////////////////
// Loading system libraries                                                   //
////////////////////////////////////////////////////////////////////////////////
include_once SYSTEM_MODULES_PATH . 'filesystem.php';
include_once SYSTEM_MODULES_PATH . 'etc.php';
include_once SYSTEM_MODULES_PATH . 'templates.php';
include_once SYSTEM_MODULES_PATH . 'user-classes.php';
include_once SYSTEM_MODULES_PATH . 'tar.php';
include_once SYSTEM_MODULES_PATH . 'system.php';
include_once SYSTEM_MODULES_PATH . 'compatibility.php';
include_once SYSTEM_MODULES_PATH . 'formsgen.php';
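/**
 * Records a suspected attack against the current request in the system log.
 *
 * Writes a 'Hack attempt' entry through rcms_log_put() with the remote address,
 * requested URI, referer and user agent. All four values come from $_SERVER and
 * are supplied by the client, so whatever reads the log must treat them as
 * untrusted text.
 *
 * @return void
 */
function logattack()
{
    global $system;
    // Absent headers (no Referer, no User-Agent) previously raised notices in the
    // middle of logging; CR/LF in any value is flattened so a single request
    // cannot forge an additional line in the log entry.
    $fields = array('REMOTE_ADDR', 'REQUEST_URI', 'HTTP_REFERER', 'HTTP_USER_AGENT');
    $value = array();
    foreach ($fields as $key) {
        $raw = isset($_SERVER[$key]) ? (string) $_SERVER[$key] : '';
        $value[$key] = str_replace(array("\r", "\n"), ' ', $raw);
    }
    // $system is not guaranteed to be constructed when this runs during bootstrap.
    $username = isset($system->user['username']) ? $system->user['username'] : null;
    rcms_log_put(
        'Hack attempt',
        $username,
        'Remote address: ' . $value['REMOTE_ADDR'] . "\n"
        . 'Suspected URI: ' . $value['REQUEST_URI'] . "\n"
        . 'Suspected referer: ' . $value['HTTP_REFERER'] . "\n"
        . 'User agent: ' . $value['HTTP_USER_AGENT'] . "\n"
    );
}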
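/**
 * Prints a MySQL error message; depending on DEBUG, prints the MySQL error
 * description to the page or sends it to the administrator via the system log.
 *
 * Error codes 1062, 1065 and 1191 are ignored entirely (unchanged behaviour).
 *
 * NOTE(review): relies on the legacy mysql_* extension (removed in PHP 7). A move
 * to mysqli/PDO needs the connection handle, which this function does not receive,
 * so it is out of scope here.
 *
 * @param int    $show  1 to print the full error even when DEBUG is off
 * @param string $query the failing SQL statement, if the caller has it
 * @return void
 */
function db_error($show = 0, $query = '')
{
    global $system;
    $errno = mysql_errno();
    $error = mysql_error();
    if (in_array($errno, array(1062, 1065, 1191), true)) {
        return;
    }
    if (DEBUG == 1 || $show == 1) {
        $warning = '<br><b>' . 'MySQL Error' . ':</b><br><i>' . $errno . ' : ' . $error;
        if (empty($query)) {
            $warning .= '</i>';
        } else {
            // The query may embed user-supplied values; escape it so a crafted value
            // cannot close the <textarea> and inject markup into the error page.
            // A single-byte charset is used so escaping never fails on a site that
            // does not run in UTF-8 — only the ASCII metacharacters are touched.
            $safeQuery = htmlspecialchars($query, ENT_QUOTES, 'ISO-8859-1');
            $warning .= '<br>In query: <textarea cols="50" rows="7">' . $safeQuery . '</textarea></i>';
        }
        // The original 'print $warning or print $warning' printed once anyway.
        print $warning;
    } else {
        print 'An error occured. Please, try again later. Thank You !';
        // $message was appended to before being initialised (undefined-variable notice).
        $message = $errno . ':' . $error . "\r\n";
        $message .= empty($query) ? '' : "In query: \r\n" . $query . "\r\n";
        rcms_log_put('MySQL error', $system->user['username'], $message);
    }
}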
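/**
 * Resets a user's password and mails the new one to the profile's e-mail address.
 *
 * Flow: load the profile, require the submitted e-mail to match the stored one,
 * enforce the 'pr_flood' cool-down, then send the mail and only afterwards persist
 * the new password (a failed send leaves the old password usable). The outcome
 * text for the caller is stored in $this->results['passrec'].
 *
 * NOTE(review): the stored value is an unsalted md5 of the password, and the
 * generated password is 8 characters from rcms_random_string(). The login path
 * presumably compares md5 too, so switching to password_hash() has to be done
 * system-wide rather than in this method alone.
 * NOTE(review): the distinct 'Cannot open profile' and e-mail-mismatch messages
 * let a caller learn which usernames exist; collapsing them at the UI is worth
 * considering.
 *
 * @param string $username account whose password is reset
 * @param string $email    e-mail supplied by the requester; must equal the profile's
 * @return bool true only when the new password was both sent and saved
 */
function recoverPassword($username, $email)
{
    if (!($data = $this->getUserData($username))) {
        $this->results['passrec'] = __('Cannot open profile');
        return false;
    }
    // Strict, type-checked comparison: an empty or non-string submitted e-mail must
    // never match an empty or missing profile e-mail, otherwise a reset could be
    // triggered without any proof of ownership.
    $profileEmail = isset($data['email']) ? (string) $data['email'] : '';
    if (!is_string($email) || $email === '' || $email !== $profileEmail) {
        $this->results['passrec'] = __('Your e-mail doesn\'t match e-mail in profile');
        return false;
    }
    $new_password = rcms_random_string(8);
    $site_url = parse_url($this->url);
    // parse_url() can return false or omit 'host' for a malformed site URL.
    $host = (is_array($site_url) && isset($site_url['host'])) ? $site_url['host'] : '';
    $time = time();
    $floodWindow = empty($this->config['pr_flood']) ? 0 : (int) $this->config['pr_flood'];
    if (!empty($data['last_prr']) && $floodWindow > 0 && (int) $time <= (int) $data['last_prr'] + $floodWindow) {
        $this->results['passrec'] = __('Too many requests in limited period of time. Try later.');
        // Every blocked attempt restarts the cool-down, so hammering the form keeps
        // the account locked rather than waiting it out.
        $data['last_prr'] = $time;
        if (!$this->save_user($username, $data)) {
            $this->results['passrec'] .= '<br />' . __('Cannot save profile');
        }
        rcms_log_put(__('Notification'), $this->user['username'], 'Attempted to recover password for ' . $username);
        return false;
    }
    $from = 'no_reply@' . $host;
    $subject = __('Your new password at') . ' ' . $host;
    $body = __('Your username at') . ' ' . $host . ': ' . $username . "\r\n"
        . __('Your new password at') . ' ' . $host . ': ' . $new_password;
    if (rcms_send_mail($email, $from, __('Password'), $this->config['encoding'], $subject, $body)) {
        // Persist only after the mail went out, so a delivery failure never locks the user out.
        $data['password'] = md5($new_password);
        $data['last_prr'] = $time;
        if (!$this->save_user($username, $data)) {
            $this->results['passrec'] = __('Cannot save profile');
            return false;
        }
        $this->results['passrec'] = __('New password has been sent to your e-mail');
        rcms_log_put(__('Notification'), $this->user['username'], 'Recovered password for ' . $username);
        return true;
    }
    rcms_log_put(__('Notification'), $this->user['username'], 'Recovered password for ' . $username . '" (BUT E-MAIL WAS NOT SENT)');
    $this->results['passrec'] = __('Cannot send e-mail');
    return false;
}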