function check_post()
{
if (strtoupper($_SERVER['REQUEST_METHOD']) != 'POST') {
return false;
}
return check_referer();
}
/************************************************************************/
/* Copyright (c) 2002-2010 */
/* Inclusive Design Institute */
/* http://atutor.ca */
/* */
/* This program is free software. You can redistribute it and/or */
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/************************************************************************/
// $Id$
define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
admin_authenticate(AT_ADMIN_PRIV_USERS);
// Prevent remote access via CSRF: 5566
// Ref include/lib/vitals-inc.php
check_referer();
if (isset($_POST['cancel'])) {
header('Location: ' . AT_BASE_HREF . 'mods/_core/users/users.php');
exit;
}
if (isset($_POST['submit'])) {
$missing_fields = array();
$_POST['password'] = $addslashes($_POST['form_password1']);
$_POST['form_password2'] = htmlspecialchars($_POST['form_password2']);
$_POST['website'] = $addslashes($_POST['website']);
$_POST['first_name'] = $addslashes($_POST['first_name']);
$_POST['second_name'] = $addslashes($_POST['second_name']);
$_POST['last_name'] = $addslashes($_POST['last_name']);
$_POST['address'] = $addslashes($_POST['address']);
$_POST['postal'] = $addslashes($_POST['postal']);
$_POST['city'] = $addslashes($_POST['city']);
<?php
defined('IN_DESTOON') or exit('Access Denied');
if ($DT_BOT) {
dhttp(403);
}
require DT_ROOT . '/module/' . $module . '/common.inc.php';
check_referer() or dheader($MOD['linkurl']);
$itemid = intval(decrypt($auth));
$itemid or dheader($MOD['linkurl']);
$item = $db->get_one("SELECT * FROM {$table} WHERE itemid={$itemid} AND status>2");
$item or dheader($MOD['linkurl']);
extract($item);
$CAT = get_cat($catid);
$linkurl = $MOD['linkurl'] . $linkurl;
if (!check_group($_groupid, $MOD['group_show']) || !check_group($_groupid, $MOD['group_contact']) || !check_group($_groupid, $CAT['group_show'])) {
dheader($linkurl);
}
$fee = get_fee($item['fee'], $MOD['fee_view']);
if ($MG['fee_mode'] && $MOD['fee_mode']) {
$fee = 0;
}
if ($item['username'] == $_username) {
$fee = 0;
}
if ($fee) {
if ($_userid) {
check_pay($moduleid, $itemid) or dheader($linkurl);
} else {
dheader($linkurl);
}
if ($useWindowClose) {
echo '<script language="javascript" type="text/javascript">' . "\n";
echo 'setTimeout("self.close()", 5000 )' . "\n";
echo '</script>' . "\n";
}
if ($supressIP === false) { echo '<script type="text/javascript">document.getElementById("feprocessing").src="_src/complete.gif";</script>'; }
exit();
}
*/
/**
* Checks that form is from an approved "referer"
* - will exit and not proceed if referer is NOT found
* @var array string
*/
if (isset($referers)) {
check_referer($referers);
}
/**
* Checks if "email" included in form is on banlist
* - will exit and not proceed if email is on banlist
*/
if (isset($bannedEmails) && count($bannedEmails) > 0) {
check_banlist($bannedEmails, $email);
}
/**
* Sort the $_POST variables
*/
if (isset($sort) && $sort == "alphabetic") {
uksort($_POST, "strnatcasecmp");
} elseif (isset($sort) && isset($list) && ereg('^order:.*,.*', $sort) && ($list = explode(',', ereg_replace('^order:', '', $sort)))) {
$sort = $list;
exit;
}
// Set cookie for flood protection --------------------------------------------------------------
$cookie = setcookie('entry', '<br><br><center><font color=red><b>Sorry, You have already posted a Message on this guestbook.<br>Please wait 2 minutes and try again.</b></font><br><br></center>', time() + 120);
}
// End of If statement for flooding
// Including header of the system ---------------------------------------
//include("functions.php");
include "header.php";
// Check for Banned IP if Option is set ---------------------------------
if ($banIPKey == 1) {
include "ban.php";
}
// Check to make sure that the post is coming from YOUR domain ----------
if ($referersKey == 1) {
if (!check_referer($referers)) {
// Form was not submitted from the site so exit
echo "<center><br><a href=\"javascript:history.go(-1)\" class=\"text\"><font color=red>You are attempting to submit this entry from an<br>UNAUTHORIZED LOCATION. Your IP Number and Address has been logged.<br>Please be warned that continuing your attempt<br>to flood this guestbook may result<br>in legal action against you and your organization. </a></center>";
include "footer.php";
exit;
}
}
// Re-assigning the variables passed by posted form ---------------------
$yourname = $_POST['yourname'];
$youremail = $_POST['youremail'];
$yourmessage = $_POST['yourmessage'];
$date = date("D m/j/y g:iA");
// Error Handeling and entry checking -----------------------------------
echo "<center><h2>{$addentryheadtxt}</h2></center>";
// Name Validation Section -----------------------------
if ($name_optional != 1) {
$config['_database_name'] = '';
$config['_save_database'] = '';
$config['_csv_directory'] = '/tmp';
$config['_save_csv'] = '';
$config['_mandatory'] = '';
// array of formfields
$store = array();
$missing = 0;
// get http params and parse each entry
$params = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS);
foreach ($params as $key => $val) {
parse_key($key, $val);
}
// === M A I N ==========================================================
// check if page is refered from our server
check_referer(empty($_SERVER['HTTP_REFERER']) ? $config['_html_return'] : $_SERVER['HTTP_REFERER']);
// check if we have action to take
if (empty($config['_html_return']) || empty($config['_html_confirm']) && empty($config['_mail_to']) && empty($config['_save_csv']) && empty($config['_save_database'])) {
missing_action();
}
// check if mandatory fields are entered or cancel was pressed
if (!empty($config['_mandatory'])) {
if (ereg(',', $config['_mandatory'])) {
$amkeys = split(',', $config['_mandatory']);
foreach ($amkeys as $mkey) {
if (!isset($store[$mkey])) {
$store[$mkey] = "__ERROR__ ";
++$missing;
}
}
} elseif (!isset($store[$config['_mandatory']])) {
<?php
require '../common.inc.php';
check_referer() or exit;
if ($DT_BOT) {
dhttp(403);
}
isset($auth) or $auth = '';
if ($auth) {
$string = decrypt($auth, DT_KEY . 'SPAM');
if (preg_match("/^[a-z0-9_@\\-\\s\\/\\.\\,\\(\\)\\+]+\$/i", $string)) {
header("content-type:image/png");
$imageX = strlen($string) * 9;
$imageY = 20;
$im = @imagecreate($imageX, $imageY) or exit;
imagecolorallocate($im, 255, 255, 255);
$color = imagecolorallocate($im, 0, 0, 0);
imagestring($im, 5, 0, 5, $string, $color);
imagepng($im);
imagedestroy($im);
}
}
} else {
if (isset($aid)) {
$aid = intval($aid);
if ($aid) {
$r = $db->get_one("SELECT url,key_moduleid,key_id,typeid FROM {$DT_PRE}ad WHERE aid={$aid} AND fromtime<{$DT_TIME} AND totime>{$DT_TIME}");
if ($r) {
$url = $r['key_moduleid'] && $r['typeid'] > 5 ? 'redirect.php?mid=' . $r['key_moduleid'] . '&itemid=' . $r['key_id'] : $r['url'];
$db->query("UPDATE {$DT_PRE}ad SET hits=hits+1 WHERE aid={$aid}");
}
}
} else {
if ($mid) {
if (isset($MODULE[$mid]) && $itemid) {
if ($mid == 2) {
$mid = 4;
}
$condition = $mid == 4 ? "userid={$itemid}" : "itemid={$itemid}";
$r = $db->get_one("SELECT linkurl FROM " . get_table($mid) . " WHERE {$condition}");
if ($r) {
$url = strpos($r['linkurl'], '://') === false ? $MODULE[$mid]['linkurl'] . $r['linkurl'] : $r['linkurl'];
}
}
if ($mid == -9 && $itemid) {
$url = $MODULE[9]['linkurl'] . rewrite('resume.php?itemid=' . $itemid);
}
} else {
check_referer() or $url = DT_PATH;
}
}
}
dheader($url);
{
global $errorsTo, $addSubjSig;
if (!empty($errorsTo)) {
if ($addSubjSig) {
$finalSubject = "[{$dfltSubj}] ";
}
$finalSubject .= "Problem with form processing";
$content = "The following problem(s) occurred with contact form processing:\n\n";
$nerrors = count($errors);
for ($i = 0; $i < $nerrors; $i++) {
$content .= " . " . $errors[$i] . "\n";
}
mail($errorsTo, $finalSubject, $content, generate_additional_headers());
}
}
if (!check_referer($allowedReferers, $logOnReferer)) {
show_fatal($errors);
if ($adviseOnReferer == true) {
mail_advisory($errors);
}
exit;
}
$whotos = array();
if (($fp = fopen($recipientFile, "r")) == false) {
die("Can't open data file '{$recipientFile}'.\n");
}
while ($inString = read_file_line($fp)) {
list($key, $description, $value) = explode(':', $inString);
$whotos[trim($key)] = trim($value);
}
fclose($fp);
<?php
/*
[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
This is NOT a freeware, use is subject to license.txt
*/
$_SERVER['REQUEST_URI'] = '';
require '../common.inc.php';
header("Content-type:text/javascript");
check_referer() or exit('document.write("Invalid Referer");');
$tag = isset($auth) ? decrypt($auth) : '';
$tag or exit('document.write("Invalid Parameter");');
is_file(DT_ROOT . '/file/script/0' . md5($tag) . '.js') or exit('document.write("Invalid Script");');
$tag = strip_sql($tag);
foreach (array($DT_PRE, '#', '$', '%', '&', 'table', 'fields', 'password', 'payword', 'debug') as $v) {
strpos($tag, $v) === false or exit('document.write("Invalid Tag");');
}
ob_start();
tag($tag);
$data = ob_get_contents();
ob_clean();
echo 'document.write(\'' . dwrite($data ? $data : 'No Data') . '\');';
<?php
// download ticket system
include "include/sesslang.php";
include "include/sessauth.php";
include "include/entry.php";
$act = empty($_REQUEST["a"]) || !is_string($_REQUEST["a"]) ? false : $_REQUEST["a"];
if ($act != false && (!check_referer() || !check_token())) {
header("Location: {$adminPath}");
} elseif (!$auth || $act == $entryAuth) {
include $entry[$entryAuth]['entry'];
} elseif (isset($entry[$act]) && (!$entry[$act]['admin'] || $auth['admin'])) {
include $entry[$act]['entry'];
} else {
include $entry[$entryDefault]['entry'];
}
/*
[Destoon B2B System] Copyright (c) 2008-2013 Destoon.COM
This is NOT a freeware, use is subject to license.txt
*/
define('DT_NONUSER', true);
if ($_SERVER['QUERY_STRING']) {
$exprise = isset($_GET['tag_expires']) ? intval($_GET['tag_expires']) : 0;
$moduleid = isset($_GET['moduleid']) ? intval($_GET['moduleid']) : 0;
$moduleid > 3 or exit('document.write("<h2>Bad Parameter</h2>");');
$tag = $_SERVER['QUERY_STRING'];
$_SERVER['QUERY_STRING'] = $_SERVER['REQUEST_URI'] = '';
foreach ($_GET as $k => $v) {
unset(${$k});
}
$_GET = array();
require '../common.inc.php';
header("Content-type:text/javascript");
$DT['jstag'] && $DT['safe_domain'] && check_referer() or exit('document.write("<h2>Invalid Referer</h2>");');
$tag = strip_sql(stripslashes(urldecode($tag)));
foreach (array($DT_PRE, '#', '$', '%', '&', 'table', 'fields', 'password', 'payword', 'debug') as $v) {
strpos($tag, $v) === false or exit('document.write("<h2>Bad Parameter</h2>");');
}
ob_start();
tag($tag, $exprise);
$data = ob_get_contents();
ob_clean();
echo 'document.write(\'' . dwrite($data) . '\');';
} else {
header("Content-type:text/javascript");
echo 'document.write("<h2>Bad Parameter</h2>");';
}
){kind=link}