/**
 * Runs the enabled attack detectors over the submitted form fields and,
 * if one of them matches, reports the attack and ends the request.
 *
 * Detectors run in a fixed order: MIME, duplicates, specials, many URLs,
 * junk, reverse captcha.  Once a detector has matched the later ones are
 * skipped, with one exception: the junk detector runs whenever it is
 * enabled, even after an earlier match.  Every detector receives
 * $s_attack, $s_info and $s_user_info, which are used afterwards for the
 * alert and the attack page (presumably the detectors fill them in by
 * reference -- confirm against their definitions).
 *
 * On a match: an alert is sent when ALERT_ON_ATTACK_DETECTION is set;
 * then a non-AJAX request with a configured ATTACK_DETECTION_URL is
 * redirected there, any other request gets the attack page; finally the
 * script exits.
 *
 * @param array $a_fields the submitted form fields
 * @return void returns only when no attack was detected
 */
function DetectAttacks($a_fields)
{
    global $ATTACK_DETECTION_DUPS, $ATTACK_DETECTION_REVERSE_CAPTCHA, $SERVER;

    $s_attack = "";
    $s_info = "";
    $s_user_info = "";
    $b_hit = false;

    if (ATTACK_DETECTION_MIME && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit && !empty($ATTACK_DETECTION_DUPS) && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit && ATTACK_DETECTION_SPECIALS && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit && (ATTACK_DETECTION_MANY_URLS || ATTACK_DETECTION_MANY_URL_FIELDS)
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    // deliberately not guarded by $b_hit: the junk check always runs when enabled
    if (ATTACK_DETECTION_JUNK && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit && !empty($ATTACK_DETECTION_REVERSE_CAPTCHA)
        && DetectRevCaptchaAttack($ATTACK_DETECTION_REVERSE_CAPTCHA, $a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }

    if (!$b_hit) {
        return;
    }

    if (ALERT_ON_ATTACK_DETECTION) {
        $s_alert = GetMessage(MSG_ATTACK_DETECTED, array("ATTACK" => $s_attack, "INFO" => $s_info));
        SendAlert($s_alert, false);
    }
    $s_form_error = GetMessage(MSG_FORM_ERROR);
    if (IsAjax() || ATTACK_DETECTION_URL === "") {
        $s_page = GetMessage(MSG_ATTACK_PAGE, array("SERVER" => $SERVER, "USERINFO" => $s_user_info));
        CreatePage($s_page, $s_form_error);
    } else {
        Redirect(ATTACK_DETECTION_URL, $s_form_error);
    }
    exit;
}
/**
 * Runs the attack detectors enabled in Settings over the submitted form
 * fields and, if one of them matches, reports the attack and ends the
 * request.
 *
 * Detectors run in a fixed order: MIME, duplicates, specials, many URLs,
 * junk, reverse captcha.  Once a detector has matched the later ones are
 * skipped, except the junk detector, which runs whenever it is enabled.
 * Every detector receives $s_attack, $s_info and $s_user_info, which are
 * used afterwards for the alert and the attack page (presumably filled in
 * by reference -- confirm against the detector definitions).
 *
 * On a match: FMHookAttacked() is called if such a function exists
 * (currently with an empty argument), an alert is sent when
 * ALERT_ON_ATTACK_DETECTION is set, a non-AJAX request with a configured
 * ATTACK_DETECTION_URL is redirected there, any other request gets the
 * attack page, and the script exits.
 *
 * @param array $a_fields the submitted form fields
 * @return void returns only when no attack was detected
 */
function DetectAttacks($a_fields)
{
    global $SERVER;

    $s_attack = "";
    $s_info = "";
    $s_user_info = "";
    $b_hit = false;

    if (Settings::get('ATTACK_DETECTION_MIME')
        && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit && !Settings::isEmpty('ATTACK_DETECTION_DUPS')
        && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit && Settings::get('ATTACK_DETECTION_SPECIALS')
        && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit
        && (Settings::get('ATTACK_DETECTION_MANY_URLS') || Settings::get('ATTACK_DETECTION_MANY_URL_FIELDS'))
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    // deliberately not guarded by $b_hit: the junk check always runs when enabled
    if (Settings::get('ATTACK_DETECTION_JUNK')
        && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }
    if (!$b_hit && !Settings::isEmpty('ATTACK_DETECTION_REVERSE_CAPTCHA')
        && DetectRevCaptchaAttack(Settings::get('ATTACK_DETECTION_REVERSE_CAPTCHA'), $a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_hit = true;
    }

    if (!$b_hit) {
        return;
    }

    if (function_exists('FMHookAttacked')) {
        /* in the future, pass the type of attack */
        FMHookAttacked('');
    }
    if (Settings::get('ALERT_ON_ATTACK_DETECTION')) {
        $s_alert = GetMessage(MSG_ATTACK_DETECTED, array("ATTACK" => $s_attack, "INFO" => $s_info));
        SendAlert($s_alert, false);
    }
    $s_form_error = GetMessage(MSG_FORM_ERROR);
    if (IsAjax() || Settings::get('ATTACK_DETECTION_URL') === "") {
        $s_page = GetMessage(MSG_ATTACK_PAGE, array("SERVER" => $SERVER, "USERINFO" => $s_user_info));
        CreatePage($s_page, $s_form_error);
    } else {
        Redirect(Settings::get('ATTACK_DETECTION_URL'), $s_form_error);
    }
    exit;
}
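<?php

# Entry script: boots the runtime (includes/hub.php), selects the
# template directory and renders the page.
#
# TO DEBUG THE APP
# change this to 'on' (default: 'off').
# Keep it 'off' on a deployed instance: with display_errors enabled, PHP
# writes error messages -- including file paths -- into the HTTP response.
ini_set('display_errors', 'off');
# Include vital runtime files
include 'includes/hub.php';
$template['path'] = 'templates/zpanelv3';
# NOTE(review): the string returned by CreatePage() is executed as PHP
# code by eval().  Anything that can influence that string (the template
# files under $template['path'] and whatever CreatePage() interpolates
# into them) therefore runs with the application's privileges; keep
# both under trusted control.
echo eval(CreatePage());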
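/**
 * Reports a form-processing error to the visitor.
 *
 * The error details are always stored in the session array
 * ($aSessionVars).  Then, in order of preference:
 *  1. if the form supplied a "bad_url" (read from $SPECIAL_VALUES), the
 *     browser is redirected there; the error details are appended to the
 *     query string when PUT_DATA_IN_URL is set (otherwise "insession=1"
 *     is appended and the details are left in the session only), and the
 *     posted non-special fields are appended as well so that the target
 *     can re-display the form;
 *  2. else if it supplied a "bad_template", that template is shown with
 *     the error values substituted (HTML-escaped);
 *  3. else a plain error page is generated and the session is discarded.
 *
 * @param mixed  $error_code   error identifier; stored in the session and
 *                             passed on as "errcode"
 * @param string $error_mesg   human-readable error message
 * @param bool   $b_user_error true when the visitor caused the error (the
 *                             message itself is shown), false for an
 *                             internal error (an apology is shown instead)
 * @param bool   $b_alerted    whether an alert has already been sent
 * @param array  $a_item_list  items (e.g. field names) the error relates to
 * @param string $s_extra_info additional details about the error
 * @return void
 */
function ShowError($error_code, $error_mesg, $b_user_error, $b_alerted = false, $a_item_list = array(), $s_extra_info = "")
{
    global $SPECIAL_FIELDS, $SPECIAL_MULTI, $SPECIAL_VALUES, $aSessionVars, $aStrippedFormVars;
    //
    // Testing with PHP 4.0.6 indicates that sessions don't always work.
    // So, we'll also add the error to the URL, unless
    // PUT_DATA_IN_URL is false.
    //
    $aSessionVars["FormError"] = $error_mesg;
    $aSessionVars["FormErrorInfo"] = $s_extra_info;
    $aSessionVars["FormErrorCode"] = $error_code;
    $aSessionVars["FormErrorItems"] = $a_item_list;
    $aSessionVars["FormIsUserError"] = $b_user_error;
    $aSessionVars["FormAlerted"] = $b_alerted;
    $aSessionVars["FormData"] = array();
    $bad_url = $SPECIAL_VALUES["bad_url"];
    $bad_template = $SPECIAL_VALUES["bad_template"];
    $this_form = $SPECIAL_VALUES["this_form"];
    //
    // Escape quotes too (the values may land inside attributes) and
    // substitute invalid UTF-8 instead of returning an empty string,
    // which would silently drop the error message.
    //
    $i_html_flags = ENT_QUOTES | ENT_SUBSTITUTE;
    if (!empty($bad_url)) {
        $a_params = array();
        $a_params[] = "this_form=" . urlencode("{$this_form}");
        $a_params[] = "bad_template=" . urlencode("{$bad_template}");
        if (PUT_DATA_IN_URL) {
            $a_params[] = "error=" . urlencode("{$error_mesg}");
            $a_params[] = "extra=" . urlencode("{$s_extra_info}");
            $a_params[] = "errcode=" . urlencode("{$error_code}");
            $a_params[] = "isusererror=" . ($b_user_error ? "1" : "0");
            $a_params[] = "alerted=" . ($b_alerted ? "1" : "0");
            $i_count = 1;
            foreach ($a_item_list as $s_item) {
                $a_params[] = "erroritem{$i_count}=" . urlencode("{$s_item}");
                $i_count++;
            }
        } else {
            //
            // tell the bad_url to look in the session only
            //
            $a_params[] = "insession=1";
        }
        //
        // Add the posted data to the URL so that an intelligent
        // $bad_url can call the form again
        //
        foreach ($aStrippedFormVars as $s_name => $m_value) {
            $s_name = (string) $s_name;
            //
            // skip special fields: either an exact special name, or a
            // "multi" special name followed by an index >= 1
            // (e.g. "<prefix>3"); compare prefixes bytewise so that
            // numeric-looking names are not compared as numbers
            //
            $b_special = in_array($s_name, $SPECIAL_FIELDS, true);
            if (!$b_special) {
                foreach ($SPECIAL_MULTI as $s_multi_fld) {
                    $i_len = strlen($s_multi_fld);
                    if (strncmp($s_name, $s_multi_fld, $i_len) === 0 && (int) substr($s_name, $i_len) > 0) {
                        $b_special = true;
                        break;
                    }
                }
            }
            if ($b_special) {
                continue;
            }
            if (PUT_DATA_IN_URL) {
                // NOTE(review): field names are placed in the query string
                // as-is; only the values are urlencoded.
                if (is_array($m_value)) {
                    foreach ($m_value as $s_value) {
                        $a_params[] = "{$s_name}" . '[]=' . urlencode(substr($s_value, 0, MAXSTRING));
                    }
                } else {
                    $a_params[] = "{$s_name}=" . urlencode(substr($m_value, 0, MAXSTRING));
                }
            } else {
                if (is_array($m_value)) {
                    $aSessionVars["FormData"]["{$s_name}"] = $m_value;
                } else {
                    $aSessionVars["FormData"]["{$s_name}"] = substr($m_value, 0, MAXSTRING);
                }
            }
        }
        $bad_url = AddURLParams($bad_url, $a_params, false);
        Redirect($bad_url);
    } else {
        if (!empty($bad_template)) {
            $s_esc_mesg = htmlspecialchars("{$error_mesg}", $i_html_flags);
            $s_esc_extra = htmlspecialchars("{$s_extra_info}", $i_html_flags);
            $a_specs = array(
                "fmerror" => $s_esc_mesg,
                "fmerrorcode" => htmlspecialchars("{$error_code}", $i_html_flags),
                "fmfullerror" => $s_esc_mesg . "\n" . $s_esc_extra,
                "fmerrorextra" => $s_esc_extra,
            );
            // one numbered spec per item plus a ready-made <li> list
            $i_count = 1;
            $s_list = "";
            foreach ($a_item_list as $s_item) {
                $s_esc_item = htmlspecialchars($s_item, $i_html_flags);
                $a_specs["fmerroritem{$i_count}"] = $s_esc_item;
                $s_list .= "<li>" . $s_esc_item . "</li>\n";
                $i_count++;
            }
            $a_specs["fmerroritemlist"] = $s_list;
            if (ShowTemplate($bad_template, $a_specs)) {
                return;
            }
        }
        //
        // no template (or it failed): build a plain text error page
        //
        $s_text = GetMessage(MSG_ERROR_PROC);
        if ($b_user_error) {
            $s_text .= $error_mesg . "\n" . $s_extra_info;
        } else {
            if ($b_alerted) {
                $s_text .= GetMessage(MSG_ALERT_DONE);
            } else {
                $s_text .= GetMessage(MSG_PLS_CONTACT);
            }
            $s_text .= GetMessage(MSG_APOLOGY);
        }
        CreatePage($s_text);
        //
        // the session data is not needed now
        //
        ZapSession();
    }
}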
/**
 * Runs the enabled attack detectors over the submitted form fields and,
 * if one of them matches, reports the attack and ends the request.
 *
 * Detectors run in a fixed order: MIME, duplicates, specials, many URLs.
 * After the first match the remaining detectors are skipped.  Each
 * detector receives $s_attack and $s_info, which are used afterwards in
 * the alert (presumably filled in by reference -- confirm against the
 * detector definitions).
 *
 * On a match: an alert is sent when ALERT_ON_ATTACK_DETECTION is set;
 * then the browser is redirected to ATTACK_DETECTION_URL if one is
 * configured, otherwise the attack page is generated; finally the script
 * exits.
 *
 * @param array $a_fields the submitted form fields
 * @return void returns only when no attack was detected
 */
function DetectAttacks($a_fields)
{
    global $ATTACK_DETECTION_DUPS;

    $s_attack = "";
    $s_info = "";
    $b_hit = false;

    if (ATTACK_DETECTION_MIME && DetectMimeAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }
    if (!$b_hit && !empty($ATTACK_DETECTION_DUPS) && DetectDupAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }
    if (!$b_hit && ATTACK_DETECTION_SPECIALS && DetectSpecialsAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }
    if (!$b_hit && (ATTACK_DETECTION_MANY_URLS || ATTACK_DETECTION_MANY_URL_FIELDS)
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info)) {
        $b_hit = true;
    }

    if (!$b_hit) {
        return;
    }

    if (ALERT_ON_ATTACK_DETECTION) {
        $s_alert = GetMessage(MSG_ATTACK_DETECTED, array("ATTACK" => $s_attack, "INFO" => $s_info));
        SendAlert($s_alert, false);
    }
    if (ATTACK_DETECTION_URL === "") {
        CreatePage(GetMessage(MSG_ATTACK_PAGE));
    } else {
        Redirect(ATTACK_DETECTION_URL);
    }
    exit;
}