break; default: $method = 'nw'; break; } $url = str_replace(array('rss.pml.php'), array('rss.php'), $url) . '?f=' . urlencode($file_id) . '&l=' . urlencode(isset($_GET['l']) ? $_GET['l'] : $lang) . '&tz=' . urlencode($tz) . '&format=' . urlencode($format) . '&count=' . (isset($files[$file_id]['max']) ? urlencode($files[$file_id]['max']) : urlencode(LOGS_MAX)) . '&timeout=' . urlencode(MAX_SEARCH_LOG_TIME) . '&search=' . urlencode(@$_POST['search']); $current_user = Sentinel::attempt($files); // We authenticate the url if a user is logged in // -> if log is anonymous, the request will be authenticated and if an admin remove // the anonymous log, this user will always be able to get it // -> if the log file is protected, this user will be able to get ot according to its rights if (!is_null($current_user)) { $username = Sentinel::getCurrentUsername(); $user = Sentinel::getUser($username); $token = $user['at']; $hash = Sentinel::sign(array('f' => $_POST['file']), $username); $url = $url . '&t=' . urlencode($token) . '&h=' . urlencode($hash); } $u = parse_url($url); $ip = $u['host']; if (filter_var($ip, FILTER_VALIDATE_IP)) { $return['war'] = !is_not_local_ip($ip); } else { if ($ip === 'localhost') { $return['war'] = true; } else { $return['war'] = false; } } $return['url'] = $url; $return['met'] = $method;