Exemplo n.º 1
0
 function checkDomainAuthorization()
 {
     global $mosConfig_live_site, $_DOCMAN;
     if (!$_DOCMAN->getCfg('security_anti_leech')) {
         return true;
     }
     $this_url = parse_url($mosConfig_live_site);
     $this_host = trim($this_url['host']);
     if (isset($_SERVER['HTTP_REFERER'])) {
         $from_url = parse_url($_SERVER['HTTP_REFERER']);
         $from_host = trim($from_url['host']);
     } else {
         $from_host = "";
     }
     // Determine if they are local. They must:
     // 	1. match the defined server string
     //  2. match the local address or have 'localhost' as their hostname.
     // The last one is unlikely, but this will catch any case at all.
     // If $from_host (remote) is empty, it's considered local, too.
     if (empty($from_host) || strcasecmp($this_host, $from_host) == 0 || strcasecmp('127.0.0.1', $from_host) == 0 || strcasecmp('localhost', $from_host) == 0) {
         $localhost = true;
     } else {
         $localhost = false;
     }
     $allowed = false;
     // If the connection is NOT local, check if the remote host is allowed.
     if (!$localhost) {
         $allowed_hosts = explode('|', $_DOCMAN->getCfg('security_allowed_hosts'));
         //  If the $allowed_hosts list is empty, the remote host is not allowed by default.
         if (count($allowed_hosts > 0)) {
             foreach ($allowed_hosts as $allowed_host) {
                 $allowed_host = DOCMAN_Utils::wild2regular(trim($allowed_host));
                 if (strlen($allowed_host) == 0) {
                     continue;
                 }
                 $allowed_host .= 'i';
                 // make pattern case-insensitive
                 if (preg_match($allowed_host, $from_host)) {
                     $allowed = true;
                     break;
                 }
             }
         }
     }
     return $localhost || $allowed;
 }