Пример #1
  break;

  // DELETE action: removes one entry from the list returned by readips() and
  // writes the list back with rewritefile(), but only for a session that
  // passes isvalid(); any other session gets the login form and the request ends.
  // NOTE(review): $delindex is not assigned anywhere in this excerpt; confirm it
  // is validated as an existing integer index before RemoveArrayItem() uses it.
  // NOTE(review): no anti-CSRF token is checked in this branch; the session
  // check alone decides whether the list is modified. Confirm a token is
  // verified earlier in the request.
  case "DELETE":
   session_name("login");
   session_start();

   // Session is not authenticated: show the login form on every other request
   // (the "disp" flag alternates between 0 and 1) and stop processing.
   if (!isvalid($_SESSION["Login"])){
    if ($_SESSION["disp"]==0){ printform();$_SESSION["disp"]=1;}else{$_SESSION["disp"]=0;}
    exit;
   }


   // The delete runs only while "disp" is 0; an unset key also compares equal
   // to 0 under the loose ==. Presumably the flag keeps a reloaded page from
   // repeating the delete; confirm against the caller.
   if ($_SESSION["disp"]==0){
    $bannedIps = readips();
    $bannedIps = RemoveArrayItem($bannedIps,$delindex);
    rewritefile($bannedIps);
    $_SESSION["disp"]=1;
   }
   else{
    // Second request in the pair: reset the flag and render the action page
    // without touching the list.
    $_SESSION["disp"]=0;
    actionpage();
   }
  break;

  Default:

// Make sure the file named by $IPfile exists, creating it empty when missing.
// NOTE(review): the result of fopen() is not checked, so a failed create
// (missing directory, no write permission) surfaces only as warnings from
// fwrite()/fclose().
// NOTE(review): the exists-then-create sequence is not atomic, and "w+"
// truncates, so a file created by a concurrent request in between would be
// emptied. Presumably $IPfile is the banned-IP list; confirm it is stored
// where the web server will not serve it.
if (!file_exists($IPfile)){
        $file = fopen($IPfile,"w+"); //create it
        fwrite ($file,'');           //empty it
        fclose ($file);              //close it
}
Пример #2
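/**
 * Remove every ban record for one IP address from the ban database.
 *
 * A record is a line of the form "<ip>|<rest of line>"; matching is
 * case-insensitive and anchored to the start of a line. Matching lines are
 * removed in place by an anchored pattern, so identical text that happens to
 * sit inside another record is left alone, and a final record without a
 * trailing newline is removed as well.
 *
 * @param string $ip Address whose ban records should be dropped.
 * @return mixed false when $ip is empty, otherwise the result of rewritefile().
 */
function user_remove_ban($ip)
{
    if (empty($ip)) {
        return false;
    }
    $users_ban = load_database('users_ban', 'ipban.db');
    // NOTE(review): preg_sanitize() is assumed to escape every regex
    // metacharacter in $ip, including the "~" delimiter; confirm, because $ip
    // is spliced straight into the pattern.
    $pattern = '~^' . preg_sanitize($ip) . '\\|.*(?:\\n|\\z)~im';
    $remaining = preg_replace($pattern, '', $users_ban);
    // preg_replace() yields null on a PCRE error; keep the list untouched in
    // that case rather than writing an empty ban database.
    if ($remaining !== null) {
        $users_ban = $remaining;
    }
    return rewritefile('/cdata/ipban.db.php', $users_ban);
}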
Пример #3
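/**
 * Validate the one-time CSRF code submitted with the current request.
 *
 * Stored codes live in /cdata/csrf.php, one "time|code|user" record per line
 * after a "<?php die(); ?>" guard line. A record is accepted only when it is
 * younger than five minutes, belongs to the current user and carries exactly
 * the submitted code; an accepted record is consumed. Expired and malformed
 * records are purged on every call and the file is rewritten.
 *
 * On failure the event is logged and an error page is produced through msg().
 *
 * @return mixed TRUE when CSRF checking is disabled in the configuration,
 *               otherwise nothing.
 */
function CSRFCheck()
{
    global $config_csrf, $_SESS;
    // CSRF checking is switched off in the configuration
    if ($config_csrf == 0) {
        return TRUE;
    }
    $user = $_SESS['user'];
    $csrf_storage = SERVDIR . '/cdata/csrf.php';
    $csrf_correct = 0;
    $csrf_code = REQ('csrf_code');
    // A missing or non-string code can never be valid. Without this guard an
    // empty value compares loosely equal to the empty fields of a malformed
    // record such as the guard line.
    $code_usable = is_string($csrf_code) && $csrf_code !== '';
    $rcheck = file($csrf_storage);
    if ($rcheck === false) {
        // Unreadable or missing storage: no code can match
        $rcheck = array();
    }
    $oldest_allowed = time() - 300;
    foreach ($rcheck as $id => $vdata) {
        $fields = explode('|', trim($vdata));
        // Guard line or damaged record: drop it (the guard line is re-added below)
        if (count($fields) < 3) {
            unset($rcheck[$id]);
            continue;
        }
        list($time, $csrf, $user_name) = $fields;
        // 5-min limit for CSRF: purge expired records before comparing, so an
        // old code still present in the file cannot be replayed
        if ((int)$time < $oldest_allowed) {
            unset($rcheck[$id]);
            continue;
        }
        // Strict comparison: loose == treats numeric-looking strings such as
        // "0e1" and "0e2" as equal
        if ($code_usable && (string)$user_name === (string)$user) {
            $same_code = function_exists('hash_equals')
                ? hash_equals($csrf, $csrf_code)
                : $csrf === $csrf_code;
            if ($same_code) {
                // One-time code: consume it
                unset($rcheck[$id]);
                $csrf_correct = 1;
            }
        }
    }
    rewritefile('/cdata/csrf.php', '<' . '?php die(); ?>' . "\n" . join('', $rcheck));
    if ($csrf_correct == 0) {
        // The Referer header is optional and client-controlled: tolerate its
        // absence and strip control characters so it cannot forge log lines
        $referer = isset($_SERVER['HTTP_REFERER']) ? (string)$_SERVER['HTTP_REFERER'] : '';
        $referer = preg_replace('/[\x00-\x1F\x7F]/', '', $referer);
        add_to_log($_SESS['user'], 'CSRF Missed ' . $referer);
        // NOTE(review): make_nocache() is placed in an href without escaping;
        // confirm it cannot contain request-controlled text.
        msg("error", lang('Error!'), '<div>CSRF fail <a href="' . make_nocache() . '">Go back</a></div>');
    }
}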
Пример #4
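 // Password-reset confirmation: $s is the confirmation code taken from the
 // request (it is assigned before this excerpt).
 if ($s == false) {
     add_to_log(':anonym:', 'Request dsp without "s" parameter');
     msg("error", lang('Error!'), lang("All fields required"), '#GOBACK');
 }
 // Check the code
 // NOTE(review): the flow relies on msg() ending the request; confirm,
 // otherwise execution continues past both error branches.
 $the_email = false;
 $fa = file(SERVDIR . '/cdata/confirmations.php');
 foreach ($fa as $id => $vs) {
     $pair = explode('|', trim($vs));
     // Records without a code field can never match
     if (count($pair) < 2) {
         continue;
     }
     list($email, $md5) = $pair;
     // Strict comparison: with loose == two different hex digests of the form
     // "0e<digits>" compare equal as numbers, letting a wrong code pass
     $code_matches = false;
     if (is_string($s)) {
         $code_matches = function_exists('hash_equals') ? hash_equals($md5, $s) : $md5 === $s;
     }
     if ($code_matches) {
         $the_email = $email;
         // One-time code: consume it
         unset($fa[$id]);
     }
 }
 // save new file
 rewritefile('/cdata/confirmations.php', join('', $fa));
 // Check validation
 if ($the_email) {
     $user_arr = user_search($the_email, 'email');
     $user = $user_arr[UDB_NAME];
 } else {
     add_to_log(':anonym:', 'Validate "s" parameter: invalid request');
     msg("error", lang('Error!'), lang("Validation is broken"), '#GOBACK');
 }
 // Generate
 // The new password is a credential, so it comes from the OS CSPRNG where
 // random_int() exists (PHP >= 7.0). The former srand(time()) seed is gone
 // because a seed equal to the request time makes the whole password
 // reproducible. mt_rand() remains only as a fallback for older runtimes and
 // is not cryptographically secure.
 $salt = "abcdefghjkmnpqrstuvwxyz0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 $salt_last = strlen($salt) - 1;
 // Start from an empty string so no earlier value of $new_pass leaks in
 $new_pass = '';
 for ($i = 0; $i < 9; $i++) {
     $pick = function_exists('random_int') ? random_int(0, $salt_last) : mt_rand(0, $salt_last);
     $new_pass .= $salt[$pick];
 }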
 // Save new password