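/**
 * Returns true only for a POST request whose Referer passes check_referer().
 *
 * Used as a lightweight CSRF gate: a non-POST request never qualifies, and a
 * POST is accepted only if check_referer() (defined elsewhere) approves it.
 * A Referer-based check is defence-in-depth, not a substitute for a
 * per-session anti-CSRF token: browsers, privacy extensions and proxies may
 * strip the header, and check_referer()'s handling of a missing header is
 * not visible from here.
 *
 * @return bool false for non-POST requests or when REQUEST_METHOD is unset,
 *              otherwise whatever check_referer() returns.
 */
function check_post()
{
    // REQUEST_METHOD is absent under the CLI SAPI (and can be under others);
    // treat that as "not POST" instead of passing null to strtoupper().
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

    // Strict comparison: the method is always a string, so there is no reason
    // to allow loose-equality surprises here.
    if (strtoupper($method) !== 'POST') {
        return false;
    }

    return check_referer();
}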
/************************************************************************/
/* Copyright (c) 2002-2010 */
/* Inclusive Design Institute */
/* http://atutor.ca */
/* */
/* This program is free software. You can redistribute it and/or */
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/************************************************************************/
// $Id$
// Admin-side "create user" form handler: requires the user-admin privilege,
// then normalises the submitted fields in place on $_POST before they are
// validated and stored further down (outside this excerpt).
define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
// Caller must hold the user-administration privilege; admin_authenticate()
// is expected to stop the request otherwise (its behaviour lives in vitals).
admin_authenticate(AT_ADMIN_PRIV_USERS);
// Prevent remote access via CSRF: 5566
// Ref include/lib/vitals-inc.php
// NOTE(review): the Referer header is the only CSRF control on this form.
// Browsers, privacy extensions and proxies may strip it, and check_referer()'s
// treatment of a missing header is defined in vitals.inc.php, not here —
// confirm it rejects rather than allows. A per-session token would be the
// robust control; this check is defence-in-depth at best.
check_referer();
if (isset($_POST['cancel'])) {
    header('Location: ' . AT_BASE_HREF . 'mods/_core/users/users.php');
    exit;
}
if (isset($_POST['submit'])) {
    $missing_fields = array();
    // $addslashes is a variable function configured by vitals.inc.php; what
    // it does is not visible here (presumably slash-escaping for the SQL
    // layer). Whatever it is, the result is not HTML-safe.
    $_POST['password'] = $addslashes($_POST['form_password1']);
    // NOTE(review): the two password fields are normalised differently
    // (slash-escaped vs. HTML-escaped). If the confirmation compare further
    // down uses these normalised values, a password containing & < > " or '
    // can never match its confirmation — verify the compare uses raw inputs.
    $_POST['form_password2'] = htmlspecialchars($_POST['form_password2']);
    $_POST['website'] = $addslashes($_POST['website']);
    $_POST['first_name'] = $addslashes($_POST['first_name']);
    $_POST['second_name'] = $addslashes($_POST['second_name']);
    $_POST['last_name'] = $addslashes($_POST['last_name']);
    $_POST['address'] = $addslashes($_POST['address']);
    $_POST['postal'] = $addslashes($_POST['postal']);
    $_POST['city'] = $addslashes($_POST['city']);
<?php
// Contact-details view for one published listing (status > 2). Access is
// gated, in order, by: bot check, Referer, a valid encrypted item id, group
// permissions for the module and category, and finally a view fee.
defined('IN_DESTOON') or exit('Access Denied');
if ($DT_BOT) {
    dhttp(403);
}
// NOTE(review): $module is resolved before this file and forms an include
// path; confirm it comes from module configuration, not from the request.
require DT_ROOT . '/module/' . $module . '/common.inc.php';
// dheader() is relied on throughout to redirect *and* stop execution; if it
// only emitted a Location header, every check below would be skippable.
check_referer() or dheader($MOD['linkurl']);
// The item id only ever arrives encrypted; intval() also makes the value
// safe to interpolate into the query below.
$itemid = intval(decrypt($auth));
$itemid or dheader($MOD['linkurl']);
$item = $db->get_one("SELECT * FROM {$table} WHERE itemid={$itemid} AND status>2");
$item or dheader($MOD['linkurl']);
// Imports every column of the row as a local ($catid, $linkurl, $username,
// ...). Any column whose name matches an existing local or config variable
// ($fee, $table, $MOD, $_userid, ...) would clobber it — keep that in mind
// whenever the schema changes.
extract($item);
$CAT = get_cat($catid);
$linkurl = $MOD['linkurl'] . $linkurl;
// The viewer's group must be allowed to see the module, to see contact
// details, and to see this category.
if (!check_group($_groupid, $MOD['group_show']) || !check_group($_groupid, $MOD['group_contact']) || !check_group($_groupid, $CAT['group_show'])) {
    dheader($linkurl);
}
$fee = get_fee($item['fee'], $MOD['fee_view']);
// Fee waived when $MG['fee_mode'] and $MOD['fee_mode'] are both set, or when
// the viewer owns the listing.
if ($MG['fee_mode'] && $MOD['fee_mode']) {
    $fee = 0;
}
if ($item['username'] == $_username) {
    $fee = 0;
}
// Logged-in viewers must have settled the fee; anonymous viewers are bounced.
if ($fee) {
    if ($_userid) {
        check_pay($moduleid, $itemid) or dheader($linkurl);
    } else {
        dheader($linkurl);
    }
if ($useWindowClose) { echo '<script language="javascript" type="text/javascript">' . "\n"; echo 'setTimeout("self.close()", 5000 )' . "\n"; echo '</script>' . "\n"; } if ($supressIP === false) { echo '<script type="text/javascript">document.getElementById("feprocessing").src="_src/complete.gif";</script>'; } exit(); } */ /** * Checks that form is from an approved "referer" * - will exit and not proceed if referer is NOT found * @var array string */ if (isset($referers)) { check_referer($referers); } /** * Checks if "email" included in form is on banlist * - will exit and not proceed if email is on banlist */ if (isset($bannedEmails) && count($bannedEmails) > 0) { check_banlist($bannedEmails, $email); } /** * Sort the $_POST variables */ if (isset($sort) && $sort == "alphabetic") { uksort($_POST, "strnatcasecmp"); } elseif (isset($sort) && isset($list) && ereg('^order:.*,.*', $sort) && ($list = explode(',', ereg_replace('^order:', '', $sort)))) { $sort = $list;
exit;
}
// Set cookie for flood protection --------------------------------------------------------------
// NOTE(review): this "flood protection" is a client-side cookie; a client
// that drops or edits the cookie is not rate-limited at all. Server-side
// tracking (by IP and time) would be needed for a real limit. setcookie()'s
// return value is kept in $cookie but never checked here.
$cookie = setcookie('entry', '<br><br><center><font color=red><b>Sorry, You have already posted a Message on this guestbook.<br>Please wait 2 minutes and try again.</b></font><br><br></center>', time() + 120);
} // End of If statement for flooding
// Including header of the system ---------------------------------------
//include("functions.php");
include "header.php";
// Check for Banned IP if Option is set ---------------------------------
if ($banIPKey == 1) {
    include "ban.php";
}
// Check to make sure that the post is coming from YOUR domain ----------
// NOTE(review): a Referer check is a weak origin control (the header can be
// absent, or forged by any non-browser client). Also, nothing in this block
// logs the IP despite the message below claiming so — confirm
// check_referer() does, or soften the text.
if ($referersKey == 1) {
    if (!check_referer($referers)) {
        // Form was not submitted from the site so exit
        echo "<center><br><a href=\"javascript:history.go(-1)\" class=\"text\"><font color=red>You are attempting to submit this entry from an<br>UNAUTHORIZED LOCATION. Your IP Number and Address has been logged.<br>Please be warned that continuing your attempt<br>to flood this guestbook may result<br>in legal action against you and your organization. </a></center>";
        include "footer.php";
        exit;
    }
}
// Re-assigning the variables passed by posted form ---------------------
// Raw, unvalidated and unescaped copies of the POST fields. Any HTML
// escaping must happen wherever these are echoed or stored (outside this
// excerpt); treat them as attacker-controlled from here on.
$yourname = $_POST['yourname'];
$youremail = $_POST['youremail'];
$yourmessage = $_POST['yourmessage'];
$date = date("D m/j/y g:iA");
// Error handling and entry checking ------------------------------------
echo "<center><h2>{$addentryheadtxt}</h2></center>";
// Name Validation Section -----------------------------
if ($name_optional != 1) {
// Defaults for the handler configuration. Several of these name files,
// directories and mail targets, so it matters where their final values come
// from (see the NOTE on parse_key() below).
$config['_database_name'] = '';
$config['_save_database'] = '';
$config['_csv_directory'] = '/tmp';
$config['_save_csv'] = '';
$config['_mandatory'] = '';
// array of formfields
$store = array();
$missing = 0;
// get http params and parse each entry
// NOTE(review): $HTTP_GET_VARS/$HTTP_POST_VARS were removed in PHP 5.4; on a
// current PHP this merge sees two undefined variables and $params is empty.
// parse_key() is not visible here. If it lets an "_"-prefixed parameter set
// $config (e.g. _mail_to, _csv_directory, _save_database), every default
// above becomes attacker-controlled — the classic form-mailer relay problem.
// Confirm it only writes ordinary fields into $store.
$params = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS);
foreach ($params as $key => $val) {
    parse_key($key, $val);
}
// === M A I N ==========================================================
// check if page is refered from our server
// NOTE(review): when the client sends no Referer at all, the check is given
// $config['_html_return'] instead — a configuration value, not the client's
// origin. A client that simply omits the header therefore passes as long as
// _html_return is acceptable to check_referer(); if _html_return can be
// supplied by the request, the check is void.
check_referer(empty($_SERVER['HTTP_REFERER']) ? $config['_html_return'] : $_SERVER['HTTP_REFERER']);
// check if we have action to take
// Precedence: && binds tighter than ||, so this reads as
// "no return page, OR (no confirm page AND no mail AND no csv AND no db)".
if (empty($config['_html_return']) || empty($config['_html_confirm']) && empty($config['_mail_to']) && empty($config['_save_csv']) && empty($config['_save_database'])) {
    missing_action();
}
// check if mandatory fields are entered or cancel was pressed
// NOTE(review): ereg()/split() were removed in PHP 7; strpos()/explode() are
// the drop-in replacements. Missing mandatory fields are marked with the
// "__ERROR__ " sentinel in $store and counted in $missing.
if (!empty($config['_mandatory'])) {
    if (ereg(',', $config['_mandatory'])) {
        $amkeys = split(',', $config['_mandatory']);
        foreach ($amkeys as $mkey) {
            if (!isset($store[$mkey])) {
                $store[$mkey] = "__ERROR__ ";
                ++$missing;
            }
        }
    } elseif (!isset($store[$config['_mandatory']])) {
<?php
// Renders a short decrypted string (e.g. a contact address) as a PNG so the
// plain text never appears in the page source. The Referer check only
// discourages hot-linking of the image; it is not an authentication step.
require '../common.inc.php';

check_referer() or exit;

if ($DT_BOT) {
    dhttp(403);
}

if (!isset($auth)) {
    $auth = '';
}

if ($auth) {
    // $auth is an encrypted token; only the decrypted text is ever drawn.
    $text = decrypt($auth, DT_KEY . 'SPAM');

    // Allow-list of drawable characters; anything else produces no output
    // at all (no image, no error body).
    if (preg_match("/^[a-z0-9_@\\-\\s\\/\\.\\,\\(\\)\\+]+\$/i", $text)) {
        header("content-type:image/png");

        // 9 px per character, fixed 20 px height.
        $width = strlen($text) * 9;
        $height = 20;

        $canvas = @imagecreate($width, $height) or exit;

        // First allocation becomes the (white) background, second is the ink.
        imagecolorallocate($canvas, 255, 255, 255);
        $ink = imagecolorallocate($canvas, 0, 0, 0);

        imagestring($canvas, 5, 0, 5, $text, $ink);
        imagepng($canvas);
        imagedestroy($canvas);
    }
}
} else {
    // NOTE(review): $url is initialised before this block (not visible here)
    // and is only overwritten on the paths below; in the final else it
    // survives untouched whenever check_referer() passes. If that initial
    // value is request-supplied, this is an open redirect gated solely by the
    // Referer header — confirm how $url is initialised.
    if (isset($aid)) {
        // Ad click-through: only currently active ads (fromtime < now < totime)
        // resolve. intval() makes $aid safe to interpolate into both queries.
        $aid = intval($aid);
        if ($aid) {
            $r = $db->get_one("SELECT url,key_moduleid,key_id,typeid FROM {$DT_PRE}ad WHERE aid={$aid} AND fromtime<{$DT_TIME} AND totime>{$DT_TIME}");
            if ($r) {
                // Ads bound to a module item (typeid > 5) go through the
                // internal redirect; plain ads use their stored URL.
                $url = $r['key_moduleid'] && $r['typeid'] > 5 ? 'redirect.php?mid=' . $r['key_moduleid'] . '&itemid=' . $r['key_id'] : $r['url'];
                $db->query("UPDATE {$DT_PRE}ad SET hits=hits+1 WHERE aid={$aid}");
            }
        }
    } else {
        if ($mid) {
            // Item link-out. NOTE(review): $mid and $itemid are interpolated
            // into SQL here; their integer casts must happen before this
            // block — confirm.
            if (isset($MODULE[$mid]) && $itemid) {
                // Module 2 is looked up through module 4's table, keyed by
                // userid rather than itemid.
                if ($mid == 2) {
                    $mid = 4;
                }
                $condition = $mid == 4 ? "userid={$itemid}" : "itemid={$itemid}";
                $r = $db->get_one("SELECT linkurl FROM " . get_table($mid) . " WHERE {$condition}");
                if ($r) {
                    // Relative linkurls are resolved against the module base.
                    $url = strpos($r['linkurl'], '://') === false ? $MODULE[$mid]['linkurl'] . $r['linkurl'] : $r['linkurl'];
                }
            }
            // Special case: -9 addresses a resume in module 9.
            if ($mid == -9 && $itemid) {
                $url = $MODULE[9]['linkurl'] . rewrite('resume.php?itemid=' . $itemid);
            }
        } else {
            // No target given: fall back to the site root unless the request
            // came from an approved Referer (see the NOTE above).
            check_referer() or $url = DT_PATH;
        }
    }
}
dheader($url);
{
    // Body of the advisory mailer (its signature is above this excerpt;
    // $errors is presumably its parameter). Mails the error list to
    // $errorsTo when that is configured, otherwise does nothing.
    global $errorsTo, $addSubjSig;
    if (!empty($errorsTo)) {
        // NOTE(review): $dfltSubj is not declared global, so inside a function
        // it is undefined here; and when $addSubjSig is false $finalSubject is
        // never initialised before the .= below. Both yield notices and an
        // odd/empty subject prefix rather than a failure.
        if ($addSubjSig) {
            $finalSubject = "[{$dfltSubj}] ";
        }
        $finalSubject .= "Problem with form processing";
        $content = "The following problem(s) occurred with contact form processing:\n\n";
        $nerrors = count($errors);
        for ($i = 0; $i < $nerrors; $i++) {
            $content .= " . " . $errors[$i] . "\n";
        }
        mail($errorsTo, $finalSubject, $content, generate_additional_headers());
    }
}
// Reject submissions that do not come from an allowed Referer. As with any
// Referer check this is a deterrent, not authentication: the header can be
// absent or forged by a non-browser client.
if (!check_referer($allowedReferers, $logOnReferer)) {
    show_fatal($errors);
    if ($adviseOnReferer == true) {
        mail_advisory($errors);
    }
    exit;
}
// Load the recipient table: one "key:description:address" line per
// recipient, presumably so the form names a key rather than a raw address.
$whotos = array();
// NOTE(review): loose `== false` — fopen() returns false on failure so this
// works, but `=== false` is the conventional form.
if (($fp = fopen($recipientFile, "r")) == false) {
    die("Can't open data file '{$recipientFile}'.\n");
}
// NOTE(review): a line with fewer than three ':'-separated parts leaves
// $value undefined (notice) and stores an empty address; a line with more
// parts silently drops the extras.
while ($inString = read_file_line($fp)) {
    list($key, $description, $value) = explode(':', $inString);
    $whotos[trim($key)] = trim($value);
}
fclose($fp);
<?php
/*
[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
This is NOT a freeware, use is subject to license.txt
*/
// Serves the output of a pre-registered template tag as a document.write()
// script for embedding on other pages.
//
// Gate order: Referer -> decryptable $auth -> a registered script file for
// this exact tag (md5 of the decrypted text) -> substring deny-list. The
// registered-file check is the real allow-list; the deny-list below is only
// defence-in-depth and, being substring based, should not be relied on alone.

// Cleared before common.inc.php runs (presumably so the request URI is not
// reflected into the generated output; confirm against common.inc.php).
$_SERVER['REQUEST_URI'] = '';
require '../common.inc.php';

header("Content-type:text/javascript");

if (!check_referer()) {
    exit('document.write("Invalid Referer");');
}

// The tag text only ever arrives encrypted; an undecryptable or empty $auth
// is rejected before any file or database lookup.
$tag = '';
if (isset($auth)) {
    $tag = decrypt($auth);
}
if (!$tag) {
    exit('document.write("Invalid Parameter");');
}

// Only tags that were registered (a script file keyed by md5 of the raw tag)
// are allowed to execute.
$registered = DT_ROOT . '/file/script/0' . md5($tag) . '.js';
if (!is_file($registered)) {
    exit('document.write("Invalid Script");');
}

$tag = strip_sql($tag);

// Substring deny-list applied to the stripped tag: the table prefix, a few
// template metacharacters and sensitive column/option names.
$forbidden = array($DT_PRE, '#', '$', '%', '&', 'table', 'fields', 'password', 'payword', 'debug');
foreach ($forbidden as $needle) {
    if (strpos($tag, $needle) !== false) {
        exit('document.write("Invalid Tag");');
    }
}

// tag() prints its result; capture it and wrap it for document.write().
ob_start();
tag($tag);
$data = ob_get_contents();
ob_clean();

$payload = $data ? $data : 'No Data';
echo 'document.write(\'' . dwrite($payload) . '\');';
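<?php
// download ticket system
//
// Front controller: resolves the requested action ("a") against the $entry
// table from include/entry.php and includes the matching handler. Any
// explicit action must pass both the Referer check and the CSRF token check
// before a handler runs; everything else falls through to the auth entry or
// the default entry.
include "include/sesslang.php";
include "include/sessauth.php";
include "include/entry.php";

// Only a non-empty string is accepted as an action; arrays (?a[]=x) and
// missing values become false.
$act = empty($_REQUEST["a"]) || !is_string($_REQUEST["a"]) ? false : $_REQUEST["a"];

// Strict comparison: with `!=` the string "0" compares equal to false and
// would skip the Referer/token checks entirely.
if ($act !== false && (!check_referer() || !check_token())) {
    header("Location: {$adminPath}");
    // Stop here: a Location header alone does not prevent later code from
    // executing, and $act is untrusted at this point.
    exit;
} elseif (!$auth || $act == $entryAuth) {
    // Not authenticated (or explicitly asking for the auth entry): always the
    // auth handler, regardless of $act.
    include $entry[$entryAuth]['entry'];
} elseif (isset($entry[$act]) && (!$entry[$act]['admin'] || $auth['admin'])) {
    // $act is only ever used as a key into the $entry allow-list, so the
    // include path itself never comes from the request. Admin-only entries
    // additionally require $auth['admin'].
    include $entry[$act]['entry'];
} else {
    include $entry[$entryDefault]['entry'];
}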
/*
[Destoon B2B System] Copyright (c) 2008-2013 Destoon.COM
This is NOT a freeware, use is subject to license.txt
*/
// JS-embed endpoint: the entire raw query string is the template tag to
// render, returned as a document.write() script. Unlike a registered-script
// gate, there is no allow-list of permitted tags here — the safe_domain /
// Referer check plus strip_sql() and the substring deny-list are the only
// controls, so the Referer check is load-bearing.
define('DT_NONUSER', true);
if ($_SERVER['QUERY_STRING']) {
    $exprise = isset($_GET['tag_expires']) ? intval($_GET['tag_expires']) : 0;
    $moduleid = isset($_GET['moduleid']) ? intval($_GET['moduleid']) : 0;
    // Only modules above 3 may be embedded this way; $moduleid is not used
    // again after this check.
    $moduleid > 3 or exit('document.write("<h2>Bad Parameter</h2>");');
    $tag = $_SERVER['QUERY_STRING'];
    // Scrub the request state before common.inc.php runs so the framework
    // never sees the raw tag as a query string or URI.
    $_SERVER['QUERY_STRING'] = $_SERVER['REQUEST_URI'] = '';
    // Presumably a register_globals defence: drop any local that a query key
    // could have pre-populated. NOTE(review): it also clears locals set just
    // above if their names appear as keys — $moduleid always (harmless, it is
    // unused from here), and $tag / $exprise if a "tag=" or "exprise=" key is
    // present, which would hand null to urldecode()/tag() below — confirm.
    foreach ($_GET as $k => $v) {
        unset(${$k});
    }
    $_GET = array();
    require '../common.inc.php';
    header("Content-type:text/javascript");
    // && binds tighter than `or`: embedding must be enabled, a safe_domain
    // configured, AND the Referer approved, otherwise nothing is rendered.
    $DT['jstag'] && $DT['safe_domain'] && check_referer() or exit('document.write("<h2>Invalid Referer</h2>");');
    $tag = strip_sql(stripslashes(urldecode($tag)));
    // Substring deny-list: table prefix, template metacharacters and sensitive
    // column/option names. Being substring-based it is defence-in-depth only;
    // what tag() ultimately accepts is not visible here.
    foreach (array($DT_PRE, '#', '$', '%', '&', 'table', 'fields', 'password', 'payword', 'debug') as $v) {
        strpos($tag, $v) === false or exit('document.write("<h2>Bad Parameter</h2>");');
    }
    // tag() prints its result; capture it and wrap it for document.write().
    ob_start();
    tag($tag, $exprise);
    $data = ob_get_contents();
    ob_clean();
    echo 'document.write(\'' . dwrite($data) . '\');';
} else {
    header("Content-type:text/javascript");
    echo 'document.write("<h2>Bad Parameter</h2>");';
}