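/**
 * Checks messaging anti-spam
 *
 * Validates the two anti-spam tokens that accompany a form submission: the
 * 'cbvssps' POST field and the 'cbvs' cookie. Each token must split into exactly
 * three '_'-separated parts; the third part of each is passed to cbGetAntiSpams(),
 * and both tokens must be identical to the pair it returns.
 *
 * @param  boolean      $autoBack     TRUE: returns code 403 and attempts a "back" in browser with Javascript, FALSE: Returns error text
 * @param  boolean      $allowPublic  TRUE: Also checks for guests, FALSE: Only for registered and logged-in users
 * @return null|string                NULL: Ok, String: translated error text
 */
function cbAntiSpamCheck($autoBack = true, $allowPublic = false)
{
    global $_POST;

    $validateValuePost = cbGetParam($_POST, 'cbvssps', '');
    cbimport('cb.session');
    $validateValueCookie = CBCookie::getcookie('cbvs');

    $match = false;

    // Both values are client-supplied. A missing cookie or an array-valued input is
    // not a string and can never be a valid token, so reject it before explode().
    if (is_string($validateValuePost) && is_string($validateValueCookie)) {
        $parts0 = explode('_', $validateValuePost);
        $parts1 = explode('_', $validateValueCookie);

        if (count($parts0) == 3 && count($parts1) == 3) {
            $validate = cbGetAntiSpams($parts0[2], $parts1[2], $allowPublic);

            // The form token AND the cookie token must both validate. Accepting either
            // one alone would let a request through with one valid token and one
            // arbitrary three-part value, even though the cookie is required to be
            // present above and the error text below treats it as mandatory.
            // NOTE(review): === is not a constant-time comparison; hash_equals() is the
            // usual choice where the supported PHP versions provide it.
            $match = $validateValuePost === $validate[0] && $validateValueCookie === $validate[1];
        }
    }

    if (!$match) {
        if ($autoBack) {
            // Falls through to "return null" if this call returns.
            _cbExpiredSessionJSterminate();
        } else {
            return CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.')
                . ' '
                . CBTxt::Th('UE_PLEASE_REFRESH', 'Please refresh/reload page before filling-in.');
        }
    }

    return null;
}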
/**
 * Checks the anti-spam tokens of a form submission.
 *
 * Reads the 'cbvssps' POST field and the 'cbvs' cookie, requires each to split
 * into exactly three '_'-separated parts, and requires both to be identical to
 * the pair returned by cbGetAntiSpams() for their third parts.
 *
 * @param  boolean      $autoBack  TRUE: calls _cbExpiredSessionJSterminate() on failure, FALSE: returns the error text
 * @return null|string             NULL: Ok, String: error text
 */
function cbAntiSpamCheck($autoBack = true)
{
    global $_POST;

    $postToken = cbGetParam($_POST, 'cbvssps', '');
    cbimport('cb.session');
    $cookieToken = CBCookie::getcookie('cbvs');

    // Both tokens come from the client and are treated as untrusted.
    $postParts = explode('_', $postToken);
    $cookieParts = explode('_', $cookieToken);

    $accepted = false;
    if (count($postParts) == 3 && count($cookieParts) == 3) {
        $expected = cbGetAntiSpams($postParts[2], $cookieParts[2]);
        // Both halves have to validate; one matching token is not enough.
        $accepted = $postToken === $expected[0] && $cookieToken === $expected[1];
    }

    if ($accepted) {
        return null;
    }

    if (!$autoBack) {
        return _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
    }

    _cbExpiredSessionJSterminate();

    // Reached only if the call above returns.
    return null;
}
/**
 * Sends out the session cookies
 *
 * Passes the session id to CBCookie::setcookie() under the configured cookie name.
 * The sixth argument is TRUE only when the request is detected as HTTPS; the
 * seventh is always TRUE.
 * NOTE(review): the argument order looks like PHP's setcookie()
 * (expire, path, domain, secure, httponly) - confirm against CBCookie.
 *
 * @access private
 *
 * @return boolean  FALSE if headers already sent.
 */
function _sendSessionCookies()
{
    global $_SERVER;

    // HTTPS counts as on when $_SERVER['HTTPS'] is set, non-empty and not 'off'.
    // NOTE(review): behind a TLS-terminating proxy this variable may be unset, in
    // which case the cookie would be sent without the HTTPS-only flag - verify the
    // deployment sets it.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';

    return CBCookie::setcookie(
        $this->_cookie_name,
        $this->_session_id,
        false,
        null,
        null,
        $isHttps,
        true
    );
}
/**
 * Gets a cleaned value from a PHP global
 *
 * The value is read through cbGetParam() (or CBCookie::getcookie() for 'cbcookie')
 * and then always passed through stripslashes().
 * NOTE(review): most of these sources are client-controlled, and stripslashes() is
 * not an escaping step. The error text suggests the result feeds SQLXML handling -
 * confirm that callers escape or parameterize it for the context they use it in.
 *
 * @param  string  $arn   Source: 'request', 'get', 'post', 'cookie', 'cbcookie', 'session', 'server' or 'env'
 * @param  string  $name  Key to read from that source
 * @param  mixed   $def   Default handed to cbGetParam() / CBCookie::getcookie()
 * @return mixed          Result of stripslashes() on the fetched value; an unknown $arn raises an E_USER_NOTICE and passes NULL to stripslashes()
 */
protected static function _globalConv($arn, $name, $def = null)
{
    switch ($arn) {
        case 'request':
            global $_REQUEST;
            return stripslashes(cbGetParam($_REQUEST, $name, $def));

        case 'get':
            global $_GET;
            return stripslashes(cbGetParam($_GET, $name, $def));

        case 'post':
            global $_POST;
            return stripslashes(cbGetParam($_POST, $name, $def));

        case 'cookie':
            global $_COOKIE;
            return stripslashes(cbGetParam($_COOKIE, $name, $def));

        case 'cbcookie':
            cbimport('cb.session');
            return stripslashes(CBCookie::getcookie($name, $def));

        case 'session':
            global $_SESSION;
            return stripslashes(cbGetParam($_SESSION, $name, $def));

        case 'server':
            global $_SERVER;
            return stripslashes(cbGetParam($_SERVER, $name, $def));

        case 'env':
            global $_ENV;
            return stripslashes(cbGetParam($_ENV, $name, $def));
    }

    // Unknown source: report it, then hand NULL to stripslashes() like every other path.
    trigger_error(sprintf('SQLXML::globalconv error: unknown type %s for %s.', $arn, $name), E_USER_NOTICE);
    $unknown = null;

    return stripslashes($unknown);
}