break; case "DELETE": session_name("login"); session_start(); if (!isvalid($_SESSION["Login"])){ if ($_SESSION["disp"]==0){ printform();$_SESSION["disp"]=1;}else{$_SESSION["disp"]=0;} exit; } if ($_SESSION["disp"]==0){ $bannedIps = readips(); $bannedIps = RemoveArrayItem($bannedIps,$delindex); rewritefile($bannedIps); $_SESSION["disp"]=1; } else{ $_SESSION["disp"]=0; actionpage(); } break; Default: if (!file_exists($IPfile)){ $file = fopen($IPfile,"w+"); //create it fwrite ($file,''); //empty it fclose ($file); //close it }
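/**
 * Remove every ban record for one IP address from the ban list and save it.
 *
 * The list is read through load_database('users_ban', 'ipban.db') and is
 * treated as text with one "ip|..." record per line (that is how the pattern
 * below, and the original code, read it).
 *
 * Matching records are deleted with a single anchored replace. The previous
 * implementation re-searched each matched line with str_replace(), which
 * (a) could cut the same text out of the middle of a longer record
 *     (e.g. "1.2.3.4|x" inside "11.2.3.4|x"), corrupting another ban, and
 * (b) left a matching record in place when it was the last line and had no
 *     trailing newline, while still reporting success.
 *
 * @param string $ip IP address whose ban records should be removed.
 * @return mixed false when $ip is empty or the pattern could not be applied;
 *               otherwise whatever rewritefile() returns.
 */
function user_remove_ban($ip) {
    if (empty($ip)) {
        return false;
    }

    $users_ban = load_database('users_ban', 'ipban.db');

    // ^ip| ... up to and including the line terminator (or end of data).
    // preg_sanitize() is assumed to escape $ip for use inside ~...~ -- TODO confirm.
    $pattern = '~^' . preg_sanitize($ip) . '\\|[^\\n]*(?:\\n|\\z)~im';

    $remaining = preg_replace($pattern, '', $users_ban);
    if ($remaining === null) {
        // PCRE failure: do not overwrite the ban list with nothing.
        return false;
    }

    return rewritefile('/cdata/ipban.db.php', $remaining);
}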
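/**
 * Validate the one-time anti-CSRF token submitted as "csrf_code".
 *
 * Tokens live in SERVDIR/cdata/csrf.php, one "time|token|user" record per
 * line. A record is consumed when it matches the current user and the
 * submitted token; records older than 5 minutes are purged on every call.
 *
 * Changes from the previous version:
 *  - expiry is checked before matching, so a token past the 5-minute limit
 *    is rejected instead of being accepted once and then purged;
 *  - records with fewer than three fields (including the "die()" guard line
 *    at the top of the file) are skipped, so they can no longer compare
 *    equal to a missing user / missing token under loose comparison;
 *  - token and user are compared as strings (constant-time where
 *    hash_equals() exists), avoiding numeric-string juggling with ==;
 *  - an empty submitted token never validates;
 *  - an unreadable storage file is treated as "no tokens";
 *  - the unclosed <a> tag in the error message is closed.
 *
 * NOTE(review): the read/modify/write of the storage file is not locked, so
 * two concurrent requests could both consume the same token -- confirm
 * whether rewritefile() serialises writers.
 *
 * @return mixed TRUE when CSRF checking is disabled in configuration;
 *               otherwise nothing (failure is reported through msg()).
 */
function CSRFCheck() {
    global $config_csrf, $_SESS;

    // CSRF checking switched off in configuration: nothing to verify.
    if ($config_csrf == 0) {
        return TRUE;
    }

    $session_user = isset($_SESS['user']) ? $_SESS['user'] : null;
    $user = (string)$session_user;
    $csrf_storage = SERVDIR . '/cdata/csrf.php';
    $csrf_correct = 0;

    $submitted = REQ('csrf_code');
    $csrf_code = is_scalar($submitted) ? (string)$submitted : '';

    $rcheck = file($csrf_storage);
    if ($rcheck === false) {
        $rcheck = array();
    }

    // 5-min limit for CSRF
    $oldest_allowed = time() - 300;

    foreach ($rcheck as $id => $vdata) {
        $fields = explode('|', trim($vdata));

        // Not a token record (guard line, blank line, truncated write): drop it.
        if (count($fields) < 3) {
            unset($rcheck[$id]);
            continue;
        }
        list($time, $csrf, $user_name) = $fields;

        // Expired records are purged and can never satisfy the check.
        if ((int)$time < $oldest_allowed) {
            unset($rcheck[$id]);
            continue;
        }

        if ($csrf_code === '' || $user_name !== $user) {
            continue;
        }

        $token_ok = function_exists('hash_equals')
            ? hash_equals($csrf, $csrf_code)
            : $csrf === $csrf_code;

        // Correct user & csrf code -> consume the record (single use).
        if ($token_ok) {
            unset($rcheck[$id]);
            $csrf_correct = 1;
        }
    }

    rewritefile('/cdata/csrf.php', '<' . '?php die(); ?>' . "\n" . join('', $rcheck));

    if ($csrf_correct == 0) {
        // The Referer header is client-controlled and may be absent; it is
        // passed to the log as-is, so add_to_log() must encode it -- confirm.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        add_to_log($session_user, 'CSRF Missed ' . $referer);
        // NOTE(review): callers appear to rely on msg() ending the request;
        // if it returns, the protected action still runs -- confirm.
        msg("error", lang('Error!'), '<div>CSRF fail <a href="' . make_nocache() . '">Go back</a></div>');
    }
}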
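// Password-reset confirmation step: the request value $s must equal the token
// of a pending "email|token" record in cdata/confirmations.php. The record is
// consumed, the owning account is looked up, and a new random password is
// generated for it.
//
// Changes from the previous version:
//  - the token is compared as a string (constant-time where hash_equals()
//    exists) instead of with ==, which treats numeric-looking strings such as
//    "0e1" and "0e2" as equal;
//  - the password is no longer drawn from rand() seeded with srand(time()),
//    whose output follows from the request time; random_int() is used when
//    the runtime provides it;
//  - an unreadable confirmations file no longer reaches foreach/join as false,
//    and is not overwritten.
if ($s == false) {
    add_to_log(':anonym:', 'Request dsp without "s" parameter');
    msg("error", lang('Error!'), lang("All fields required"), '#GOBACK');
    // NOTE(review): everything below assumes msg() ends the request -- confirm.
}

// Check the code
$the_email = false;
$fa = file(SERVDIR . '/cdata/confirmations.php');

if ($fa !== false) {
    foreach ($fa as $id => $vs) {
        $record = explode('|', trim($vs));

        // Only well-formed records can match, and only a non-empty string token.
        if (count($record) < 2 || !is_string($s) || $s === '') {
            continue;
        }
        list($email, $md5) = $record;

        $token_ok = function_exists('hash_equals')
            ? hash_equals($md5, $s)
            : $md5 === $s;

        if ($token_ok) {
            $the_email = $email;
            unset($fa[$id]); // single use: the confirmation is consumed
        }
    }

    // save new file
    rewritefile('/cdata/confirmations.php', join('', $fa));
}

// Check validation
if ($the_email) {
    $user_arr = user_search($the_email, 'email');
    $user = $user_arr[UDB_NAME];
} else {
    add_to_log(':anonym:', 'Validate "s" parameter: invalid request');
    msg("error", lang('Error!'), lang("Validation is broken"), '#GOBACK');
}

// Generate
$salt = "abcdefghjkmnpqrstuvwxyz0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$last_index = strlen($salt) - 1;

// Initialised here in case nothing earlier in the file did so.
if (!isset($new_pass)) {
    $new_pass = '';
}

for ($i = 0; $i < 9; $i++) {
    if (function_exists('random_int')) {
        $pick = random_int(0, $last_index);
    } else {
        // NOTE(review): mt_rand() is not a cryptographically secure source;
        // on runtimes without random_int() install a CSPRNG-backed polyfill.
        $pick = mt_rand(0, $last_index);
    }
    $new_pass .= $salt[$pick];
}

// Save new password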