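/**
 * Best-effort lookup of the requesting client's IP address from $_SERVER.
 *
 * Security note: every key except REMOTE_ADDR is populated from an HTTP
 * request header, so its value is chosen by whoever sent the request unless a
 * proxy you control overwrites it. The first list entry that validates is
 * returned, which for a comma-separated forwarding header is the left-most
 * (client-claimed) address. Do not use the default mode for access control,
 * rate limiting or audit attribution; pass false for those callers so only
 * the TCP peer address is considered.
 *
 * @param bool $trustProxyHeaders true (default, original behaviour) consults
 *                                the forwarding headers before REMOTE_ADDR;
 *                                false looks at REMOTE_ADDR only.
 * @return string|false The first candidate accepted by validateIP(), else the
 *                      raw REMOTE_ADDR value, else false when it is not set.
 */
function getIP($trustProxyHeaders = true)
{
    // Header-derived candidates, in the original lookup order.
    $forwardedKeys = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
    );

    $ip_keys = $trustProxyHeaders ? $forwardedKeys : array();
    $ip_keys[] = 'REMOTE_ADDR';

    foreach ($ip_keys as $key) {
        if (!array_key_exists($key, $_SERVER)) {
            continue;
        }
        // Forwarding headers may carry a comma-separated chain of addresses.
        foreach (explode(',', $_SERVER[$key]) as $ip) {
            $ip = trim($ip);
            if (validateIP($ip)) {
                return $ip;
            }
        }
    }

    // Nothing validated: fall back to the unvalidated peer address, as before.
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : false;
}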
$api = mysql_real_escape_string($_POST['api']); $api_success = mysql_real_escape_string($_POST['api_success']); $api_errorcode = mysql_real_escape_string($_POST['api_errorcode']); ### $error = ''; ### if (empty($password_rcon)) { $error .= 'Brak hasła rcon. '; } if (!is_numeric($port_rcon)) { $error .= 'Nieprawidłowy port rcon. '; } if (empty($ip)) { $error .= 'Brak adresu ip. '; } if (validateIP($ip) == FALSE) { $error .= 'Błędny adres ip. '; } if (empty($port)) { $error .= 'Brak portu serwera. '; } if (!is_numeric($port)) { $error .= 'Port serwera jest nieprawidłowy. '; } if (empty($api)) { $error .= 'Brak api operatora sms. '; } if (empty($api_success)) { $error .= 'Brak api success code'; } if (empty($api_errorcode)) {
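/**
 * OpenAccount: authenticate the calling partner, validate the customer data
 * and open (or look up) an account through SP_OpenPrivateAccount_VCB.
 *
 * The caller's user name and password are not declared parameters: they are
 * read as the last two entries of func_get_args().
 *
 * Response codes set in $this->_ERROR_CODE:
 *   '0000' success, '8009' source/credential check failed, 8013 Name missing,
 *   8016 BankAccountNo missing, 8019 bad birthday, 8020 bad issue date,
 *   8028 bad PartnerType, 8072 PersonalCard missing, 8049 database error,
 *   8051/8053-8056 stored-procedure errors, 8057 addNewCustomer() failure.
 *
 * Security notes for maintainers:
 *  - The partner credential is hard-coded below. It should live outside the
 *    source tree and be rotated, since anyone with read access to this file
 *    (or its history) holds it.
 *  - Both write_my_log() calls record the identity-card number, bank account
 *    number and contact details in clear text under the 'VCB-test' log.
 *
 * @return mixed Whatever returnXML() produces for the SOAP response fields
 *               PersonalCard, Name, Account, State, ResponseCode, RespString
 *               and OldNewAccount.
 */
function OpenAccount($PersonalCard, $Name, $Address, $BankAccountNo, $PartnerType, $dtBirthDay, $PlaceOfBirth, $dtDateIssue, $PlaceIssue, $ZipCode, $Country, $Email, $Phone, $Fax, $CompanyAddress, $CompanyPhone, $MailingAddress, $MailingPhone)
{
    $function_name = 'OpenAccount';
    $list_args = func_get_args();
    $count = count($list_args);
    $callerUser = $list_args[$count - 2];
    $callerSecret = $list_args[$count - 1];
    $pass = md5('hy6GT^lj(O04h');

    // NOTE(review): the IP range checks are skipped whenever _ERROR_CODE
    // compares equal to 0 on entry (the string '0000' does too) - confirm the
    // allow-range is really meant to be optional.
    $sourceAccepted = $this->_ERROR_CODE == 0
        || validateIP($_SERVER['REMOTE_ADDR'], FROMIP, TOIP)
        || validateIP($_SERVER['REMOTE_ADDR'], FROMIP1, TOIP1);

    // Strict string comparison: with loose ==, a non-string argument such as
    // integer 0 can compare equal to these literals on older PHP versions.
    // md5() already returns lower-case hex, so only the upper-case variant
    // needs a separate test.
    $credentialsAccepted = $callerUser === 'vcb_eps'
        && is_string($callerSecret)
        && ($callerSecret === 'hy6GT^lj(O04h'
            || $callerSecret === $pass
            || $callerSecret === strtoupper($pass));

    if (!($sourceAccepted && $credentialsAccepted)) {
        // Blank the echoed fields so a rejected caller gets nothing back.
        $Name = '';
        $Address = '';
        $Account = '';
        $Status = '';
        $OldNewAccount = '';
        $this->_ERROR_CODE = '8009';
        $RespString = 'IP deny or wrong username/password';

        write_my_log(
            'VCB-test',
            $_SERVER['REMOTE_ADDR'] . ' function_name ' . $function_name
            . ' Input PersonalCard ' . $PersonalCard . ' Name ' . $Name . ' Address ' . $Address
            . ' BankAccountNo ' . $BankAccountNo . ' PartnerType ' . $PartnerType
            . ' dtBirthDay ' . $dtBirthDay . ' PlaceOfBirth ' . $PlaceOfBirth
            . ' dtDateIssue ' . $dtDateIssue . ' PlaceIssue ' . $PlaceIssue
            . ' ZipCode ' . $ZipCode . ' Country ' . $Country . ' Email ' . $Email
            . ' Phone ' . $Phone . ' Fax ' . $Fax . ' CompanyAddress ' . $CompanyAddress
            . ' CompanyPhone ' . $CompanyPhone . ' MailingAddress ' . $MailingAddress
            . ' MailingPhone ' . $MailingPhone . ' ErrorCode ' . $this->_ERROR_CODE
            . ' ' . date('Y-m-d h:i:s')
        );

        $array_input['PersonalCard'] = new SOAP_Value('PersonalCard', 'string', $PersonalCard);
        $array_input['Name'] = new SOAP_Value('Name', 'string', $Name);
        $array_input['Account'] = new SOAP_Value('Account', 'string', $Account);
        // Fixed: this branch used the undefined variable $State.
        $array_input['State'] = new SOAP_Value('State', 'string', $Status);
        $array_input['ResponseCode'] = new SOAP_Value('ResponseCode', 'string', $this->_ERROR_CODE);
        $array_input['RespString'] = new SOAP_Value('RespString', 'string', $RespString);
        $array_input['OldNewAccount'] = new SOAP_Value('OldNewAccount', 'string', $OldNewAccount);

        return returnXML(func_get_args(), $this->class_name, $function_name, $array_input, $this);
    }

    $this->_ERROR_CODE = '0000';
    // Defined up front so the response below never reads an unset variable
    // when input validation fails before the database call.
    $Account = '';
    $Status = '';
    $OldNewAccount = '';
    $RespString = '';

    // Input validation: the first failing rule wins.
    if (!required($Name)) {
        $this->_ERROR_CODE = 8013;
        $RespString = 'Name is null';
    }
    if ($this->_ERROR_CODE == '0000' && !required($BankAccountNo)) {
        $this->_ERROR_CODE = 8016;
        $RespString = 'BankAccountNo is null';
    }
    if ($this->_ERROR_CODE == '0000' && (strlen($dtBirthDay) > 0 && !dateStr($dtBirthDay))) {
        $this->_ERROR_CODE = 8019;
        $RespString = 'Invalid Birthday';
    }
    if ($this->_ERROR_CODE == '0000' && !required($PersonalCard)) {
        $this->_ERROR_CODE = 8072;
        $RespString = 'PersonalCard is null';
    }
    if ($this->_ERROR_CODE == '0000' && isset($PartnerType) && strlen($PartnerType) > 0
        && !in_array($PartnerType, array('C', 'F', 'P'), true)) {
        $this->_ERROR_CODE = 8028;
        $RespString = 'Invalid PartnerType';
    }
    if ($this->_ERROR_CODE == '0000' && (strlen($dtDateIssue) > 0 && !dateStr($dtDateIssue))) {
        $this->_ERROR_CODE = 8020;
        $RespString = 'Invalid dtDateIssue';
    }

    if ($this->_ERROR_CODE == '0000') {
        $BankName = 'VietComBank';
        // NOTE(review): a name without a space makes strpos() return false, so
        // the split below yields the first character / the remainder - confirm
        // the intended handling of single-word names.
        $pos = strpos($Name, ' ');
        $FirstName = substr($Name, 0, $pos + 1);
        $LastName = substr($Name, $pos + 1);

        $sqlArgs = array(
            $FirstName, $LastName, $PartnerType, $Address,
            $MailingAddress ? $MailingAddress : $Address,
            $Phone, $MailingPhone, $Email, $dtBirthDay, $PersonalCard,
            $dtDateIssue, $PlaceIssue, 'F', $BankAccountNo, $Country, $BankName,
        );
        // Every value comes straight from the SOAP request and was previously
        // interpolated between quotes unescaped (SQL injection).
        // NOTE(review): assumes _MDB2_WRITE is a PEAR MDB2 connection, whose
        // driver API provides escape() - confirm.
        foreach ($sqlArgs as $i => $sqlArg) {
            $sqlArgs[$i] = $this->_MDB2_WRITE->escape($sqlArg);
        }
        $query = vsprintf("CALL SP_OpenPrivateAccount_VCB\r\n('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", $sqlArgs);
        $result = $this->_MDB2_WRITE->extended->getAll($query);
        $this->_MDB2_WRITE->disconnect();

        // From here on the response fields carry database output only.
        $Name = '';
        $Address = '';
        $Account = '';
        $Status = '';
        $RespString = '';
        $OldNewAccount = '';

        if (empty($result) || is_object($result)) {
            $this->_ERROR_CODE = 8049;
        } elseif (!isset($result[0]['varerror'])) {
            $this->_ERROR_CODE = 8049;
            $RespString = 'EPS-err: db err';
        } else {
            $row = $result[0];
            $varerror = $row['varerror'];

            if ($varerror == -1) {
                $this->_ERROR_CODE = 8051;
                $RespString = 'EPS-err : exception';
            }
            if ($varerror == -3) {
                $this->_ERROR_CODE = 8053;
                $RespString = 'EPS-err invalid country name';
            }
            if ($varerror == -4) {
                $this->_ERROR_CODE = 8054;
                $RespString = 'EPS-err update account';
            }
            if ($varerror == -5) {
                $this->_ERROR_CODE = 8055;
                $RespString = 'EPS-err insert Investor';
            }
            if ($varerror == -6) {
                $this->_ERROR_CODE = 8056;
                $RespString = 'EPS-err insert Balance';
            }
            // -2 is handled like success here; a commented-out line in the
            // original labelled it "duplicate cardno".
            if ($varerror == -2 || $varerror >= 0) {
                $Name = $row['v_sfullname'];
                $Address = $row['sresidentaddress'] ? $row['sresidentaddress'] : '';
                $Account = $row['v_saccountno'];
                $Status = $row['v_iisactive'] ? 'A' : 'H';
                $OldNewAccount = $row['v_icreated'] ? 0 : 1;
                $RespString = 'Sucess';

                if ($row['v_icreated'] == 0) {
                    $new_account = array(
                        "AccountNo" => $Account,
                        "AccountName" => $Name,
                        "Address" => $Address,
                        "Tel" => $Phone,
                        // Fixed: was `$PartnerType = 'F' ? 2 : 1`, an assignment
                        // that always produced 2 and overwrote $PartnerType.
                        // Presumably 2 marks partner type 'F' - confirm.
                        "InvestorType" => $PartnerType == 'F' ? 2 : 1,
                        "ContractNo" => '',
                        "City" => "",
                        "BankAccount" => $BankAccountNo,
                        "Bank" => 41,
                    );
                    $ret = addNewCustomer($new_account);
                    if ($ret['table0']['Result'] != 1) {
                        $this->_ERROR_CODE = 8057;
                        $RespString = 'Bravo-Error';
                    }
                }
            }
        }
    }

    $array_input['PersonalCard'] = new SOAP_Value('PersonalCard', 'string', $PersonalCard);
    $array_input['Name'] = new SOAP_Value('Name', 'string', $Name);
    $array_input['Account'] = new SOAP_Value('Account', 'string', $Account);
    $array_input['State'] = new SOAP_Value('State', 'string', $Status);
    $array_input['ResponseCode'] = new SOAP_Value('ResponseCode', 'string', $this->_ERROR_CODE);
    $array_input['RespString'] = new SOAP_Value('RespString', 'string', $RespString);
    $array_input['OldNewAccount'] = new SOAP_Value('OldNewAccount', 'string', $OldNewAccount);

    // Fixed: ErrorCode was a bare (undefined) constant, which is a fatal error
    // on PHP 8; the quoted literal keeps the text older versions produced.
    write_my_log(
        'VCB-test',
        $_SERVER['REMOTE_ADDR'] . ' function_name ' . $function_name
        . ' Input PersonalCard ' . $PersonalCard . ' Name ' . $Name . ' Address ' . $Address
        . ' BankAccountNo ' . $BankAccountNo . ' PartnerType ' . $PartnerType
        . ' dtBirthDay ' . $dtBirthDay . ' PlaceOfBirth ' . $PlaceOfBirth
        . ' dtDateIssue ' . $dtDateIssue . ' PlaceIssue ' . $PlaceIssue
        . ' ZipCode ' . $ZipCode . ' Country ' . $Country . ' Email ' . $Email
        . ' Phone ' . $Phone . ' Fax ' . $Fax . ' CompanyAddress ' . $CompanyAddress
        . ' CompanyPhone ' . $CompanyPhone . ' MailingAddress ' . $MailingAddress
        . ' MailingPhone ' . $MailingPhone . ' Output Account' . $Account
        . ' State A ' . 'ErrorCode' . $this->_ERROR_CODE . ' ' . date('Y-m-d h:i:s')
    );

    return returnXML(func_get_args(), $this->class_name, $function_name, $array_input, $this);
}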
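/**
 * Expand an IPv4 address with an optional "/CIDR" suffix into its network
 * details.
 *
 * @param string $ipAddRange Dotted-quad address, optionally followed by
 *                           "/prefix"; a missing prefix is treated as /32.
 * @return array|false Map with the keys ip, iplong, cidr, netmask, network,
 *                     networklong, broadcast, broadcastlong, hosts and range,
 *                     or false when the input does not match the pattern or
 *                     fails validateIP() / sanitize_int().
 */
function networkRange($ipAddRange)
{
    // Coarse shape check only; validateIP() below makes the real decision.
    $pattern = '/^([12]?\\d{1,2}\\.[12]?\\d{1,2}\\.[12]?\\d{1,2}\\.[12]?\\d{1,2})(\\/\\d{1,2})?$/';
    if (!preg_match($pattern, $ipAddRange, $ip_result)) {
        return false;
    }

    $ip_addr = $ip_result[1];
    // preg_match() omits a trailing optional group that did not take part in
    // the match, so index 2 is absent for a bare address; reading it
    // unconditionally raised an undefined-offset notice/warning.
    if (isset($ip_result[2]) && $ip_result[2] != "") {
        $cidr = str_replace("/", "", $ip_result[2]);
    } else {
        $cidr = 32;
    }

    if (!(validateIP($ip_addr) and sanitize_int($cidr, $min = '1', $max = '32'))) {
        return false;
    }

    $subnet_mask = long2ip(-1 << (32 - (int) $cidr));
    $ip = ip2long($ip_addr);
    $nm = ip2long($subnet_mask);
    $nw = $ip & $nm;
    // ~$nm sets every bit above bit 31 on 64-bit PHP, which made the raw
    // broadcast value negative and the host count wrong. Round-tripping
    // through long2ip()/ip2long() keeps only the 32 address bits.
    $bc = ip2long(long2ip($nw | ~$nm));

    $ipRange = array();
    $ipRange['ip'] = long2ip($ip);
    $ipRange['iplong'] = sprintf("%u", $ip);
    $ipRange['cidr'] = $cidr;
    $ipRange['netmask'] = long2ip($nm);
    $ipRange['network'] = long2ip($nw);
    $ipRange['networklong'] = sprintf("%u", $nw);
    $ipRange['broadcast'] = long2ip($bc);
    $ipRange['broadcastlong'] = sprintf("%u", $bc);
    // Counts every address in the block, network and broadcast included.
    $ipRange['hosts'] = $bc - $nw + 1;
    $ipRange['range'] = long2ip($nw) . " -> " . long2ip($bc);

    return $ipRange;
}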
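/**
 * Check a remote address against the active rows of the ip_allowed table.
 *
 * Only the allow list is consulted; the deny-list lookup that once preceded
 * it was commented out in the original. The check fails closed: a query that
 * does not return an array of rows is treated as "not allowed".
 *
 * @param string $remote_ip Address to test.
 * @return int 0 when some row's fromaddress/toaddress pair accepts the
 *             address according to validateIP(), 10013 otherwise.
 */
function validRemoteIP($remote_ip)
{
    $mdb2 = initDB();

    // The table name is a fixed literal, so nothing caller-controlled reaches the SQL.
    $allow_query = sprintf("SELECT * FROM %s WHERE Deleted='0'", 'ip_allowed');
    $result = $mdb2->extended->getAll($allow_query);

    $error_code = 10013; // denied unless a row matches
    // A failed query does not yield an array; OpenAccount in this listing
    // guards the same getAll() call with is_object() for that reason.
    if (is_array($result)) {
        foreach ($result as $row) {
            if (validateIP($remote_ip, $row['fromaddress'], $row['toaddress'], 'allowed')) {
                $error_code = 0;
                break;
            }
        }
    }

    // Previously skipped on the early "allowed" return, leaving the
    // connection open for every accepted request.
    $mdb2->disconnect();

    return $error_code;
}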
if (!$sensorPass) { print "Password too short, or too long."; break; } elseif (preg_match('/[^a-zA-Z0-9\\.\\-\\_\\@\\s]/', $_POST['Pass'])) { print "Invalid caracter: use \"a-z A-Z 0-9 . - _ @ / ? = &\""; break; } $sensorIp = $_POST['IP']; // will be validated in specific functions. if ($sensorIp == "") { $sensorIp = null; } elseif (preg_match('/^Any$/i', $sensorIp)) { $sensorIp = null; } elseif (preg_match('/^0.0.0.0$/i', $sensorIp)) { $sensorIp = null; } elseif (validateIP($sensorIp)) { $sensorIp = $sensorIp; } else { print "Invalid IP Address"; break; } $typeList = sensorsType(); $sensorTypeTry = @sanitize_int($_POST['type'], $min = '0'); $typeCount = count($typeList[0]); foreach ($typeList[0] as $key => $type) { if ($type['type'] == $sensorTypeTry) { $sensorType = $sensorTypeTry; break; } if ($typeCount == $key + 1) { print "Invalid sensor type!";
} // filter by a especific source IP if (isset($_GET['esrc']) or isset($_GET['Not_esrc'])) { if ($_GET['esrc'] == "x" or empty($_GET['esrc'])) { unset($_SESSION['filter']['esrc']); unset($_SESSION['filter']['Not_esrc']); if (isset($_SESSION['filterIndexHint'])) { unset($_SESSION['filterIndexHint'][array_search("a_client_ip", $_SESSION['filterIndexHint'])]); } } else { if (isset($_GET['Not_esrc']) and $_GET['Not_esrc'] == '1') { $_SESSION['filter']['Not_esrc'] = TRUE; } else { unset($_SESSION['filter']['Not_esrc']); } if (isset($_GET['esrc']) and validateIP($_GET['esrc'])) { $_SESSION['filter']['esrc'] = $_GET['esrc']; $_SESSION['filterIndexHint'][] = "a_client_ip"; } else { unset($_SESSION['filter']['esrc']); unset($_SESSION['filter']['Not_esrc']); if (isset($_SESSION['filterIndexHint'])) { unset($_SESSION['filterIndexHint'][array_search("a_client_ip", $_SESSION['filterIndexHint'])]); } } } } // filter by a especific source IP Country Code if (isset($_GET['ipcc']) or isset($_GET['Not_ipcc'])) { if ($_GET['ipcc'] == "x" or empty($_GET['ipcc'])) { unset($_SESSION['filter']['ipcc']);
$charHost = inet_pton($superNet); $charMask = inet_pton($superNetMask); } // Single host mask used for hostmin and hostmax bitwise operations $charHostMask = substr(_cdr2Char(127), -strlen($charHost)); $charWC = ~$charMask; // Supernet wildcard mask $charNet = $charHost & $charMask; // Supernet network address $charBcst = $charNet | ~$charMask; // Supernet broadcast $charHostMin = $charNet | ~$charHostMask; // Minimum host $charHostMax = $charBcst & $charHostMask; // Maximum host if (!empty($superNet) && validateIP($superNet) == 'True') { //Display Results print '<tr><td colspan="4"></td></tr>'; print '<tr><td colspan="4">'; print '<textarea rows="20" cols="30">'; print "auto eth0 \n"; print 'iface eth0 inet static' . "\n"; print 'address ' . $ip . "\n"; print 'network ' . inet_ntop($charNet) . "\n"; print 'netmask ' . inet_ntop($charMask) . "\n"; print 'broadcast ' . inet_ntop($charBcst) . "\n"; print "gateway Gateway Address \n"; print '</textarea>'; print '</td></tr>'; } // Calculate subnet mask and cdr
} unset($ips); ### $error = ''; ### if (!is_numeric($boxid)) { $error .= T_('Invalid BoxID. '); } else { if (query_numrows("SELECT `name` FROM `" . DBPREFIX . "box` WHERE `boxid` = '" . $boxid . "'") == 0) { $error .= T_('Invalid BoxID. '); } } ### if (!empty($newip)) { // Add IP if (!validateIP($newip)) { $error .= T_('Invalid IP. '); } else { if (query_numrows("SELECT `ipid` FROM `" . DBPREFIX . "boxIp` WHERE `ip` = '" . $newip . "' && `boxid` = '" . $boxid . "'") != 0) { $error .= T_('This IP is already in use ! '); } } } else { // Remove IPs if (isset($removeids)) { foreach ($removeids as $key => $value) { $ip = query_fetch_assoc("SELECT `ip` FROM `" . DBPREFIX . "boxIp` WHERE `ipid` = '" . $value . "' && `boxid` = '" . $boxid . "' LIMIT 1"); if (query_numrows("SELECT `boxid` FROM `" . DBPREFIX . "box` WHERE `ip` = '" . $ip['ip'] . "' && `boxid` = '" . $boxid . "'") != 0 || query_numrows("SELECT `serverid` FROM `" . DBPREFIX . "server` WHERE `ipid` = '" . $value . "' && `boxid` = '" . $boxid . "'") != 0) { // Passive security unset($removeids[$key]); }