XOOPS 2.5.6  Final
precheck_functions.php
1 <?php
2 
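/**
 * Runs Protector's early ("precheck") request screening.
 *
 * In order, as visible in this function: installer guard, bandwidth limit,
 * bad-IP list, global on/off switch, reliable-IP detection, DB layer trap,
 * "Big Umbrella" anti-XSS, forced intval of *id variables, '..' elimination,
 * upload checking, system-global contamination checking, feature disabling.
 *
 * Security notes for maintainers:
 *  - The bandwidth and bad-IP checks run BEFORE the 'global_disabled' test,
 *    so they stay active even when Protector is globally disabled.
 *  - A client matching 'reliable_ips' skips the '..' elimination and the
 *    upload check, so that list is effectively an allow-list for two filters.
 *  - 'reliable_ips' entries are used as raw, unanchored regular expressions
 *    (see the loop below); configure them anchored and with dots escaped.
 *
 * @return bool|null true when Protector is globally disabled; otherwise the
 *                   function falls off the end and returns null.
 */
function protector_prepare()
{
    // Installer guard: when the installer constant is defined and mainfile.php
    // is not writable, stop and ask the admin to remove Protector's lines.
    if( defined( '_INSTALL_CHARSET' ) && ! is_writable( XOOPS_ROOT_PATH.'/mainfile.php' ) ) {
        die( 'To use installer, remove protector\'s lines from mainfile.php first.' ) ;
    }

    // Protector class
    require_once dirname(dirname(__FILE__)).'/class/protector.php' ;

    // Protector object
    // NOTE(review): source line 12 is absent from this rendered listing, which
    // leaves $protector undefined at its first use. Restored here as the
    // module's singleton accessor -- confirm against class/protector.php.
    $protector = Protector::getInstance() ;
    $conf = $protector->getConf() ;

    // bandwidth limitation
    if( @$conf['bwlimit_count'] >= 10 ) {
        $bwexpire = $protector->get_bwlimit() ;
        if( $bwexpire > time() ) {
            header( 'HTTP/1.0 503 Service unavailable' ) ;
            // presumably call_filter() ends the request; if it returns,
            // processing continues below -- confirm in class/protector.php
            $protector->call_filter( 'precommon_bwlimit' , 'This website is very busy now. Please try later.' ) ;
        }
    }

    // bad_ips
    $bad_ips = $protector->get_bad_ips( true ) ;
    $bad_ip_match = $protector->ip_match( $bad_ips ) ;
    if( $bad_ip_match ) {
        $protector->call_filter( 'precommon_badip' , 'You are registered as BAD_IP by Protector.' ) ;
    }

    // global enabled or disabled
    if( ! empty( $conf['global_disabled'] ) ) {
        return true ;
    }

    // reliable ips
    // NOTE(security): unserialize() is applied to a stored configuration
    // value. That is only safe while the config store is writable by trusted
    // administrators alone; a plain-data encoding would remove the
    // object-instantiation risk.
    $reliable_ips = @unserialize( @$conf['reliable_ips'] ) ;
    if( ! is_array( $reliable_ips ) ) {
        // for the environment of (buggy core version && magic_quotes_gpc)
        $reliable_ips = @unserialize( stripslashes( @$conf['reliable_ips'] ) ) ;
        if( ! is_array( $reliable_ips ) ) {
            $reliable_ips = array() ;
        }
    }

    // NOTE(security): REMOTE_ADDR is the address of the direct TCP peer.
    // Behind a reverse proxy or load balancer that is presumably the proxy,
    // in which case a 'reliable' match would cover every visitor -- verify
    // the deployment before relying on this list.
    $remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '' ;

    $is_reliable = false ;
    foreach( $reliable_ips as $reliable_ip ) {
        // Each entry is interpolated as a regex with no anchoring or quoting:
        // an unescaped '.' matches any character and an unanchored entry
        // matches anywhere inside the address. Entries should look like
        // '^192\.168\.1\.1$' rather than a bare dotted quad.
        if( ! empty( $reliable_ip ) && preg_match( '/'.$reliable_ip.'/' , $remote_addr ) ) {
            $is_reliable = true ;
            break ; // one match is enough; later entries cannot change the result
        }
    }

    // "DB Layer Trapper"
    // The trap is forced on for any request whose URI contains the advisory
    // page path (a substring test), regardless of 'enable_dblayertrap'.
    $force_override = strstr( @$_SERVER['REQUEST_URI'] , 'protector/admin/index.php?page=advisory' ) ? true : false ;
    // $force_override = true ;
    if( $force_override || ! empty( $conf['enable_dblayertrap'] ) ) {
        @define('PROTECTOR_ENABLED_ANTI_SQL_INJECTION' , 1 ) ;
        $protector->dblayertrap_init( $force_override ) ;
    }

    // "Big Umbrella" subset version
    if( ! empty( $conf['enable_bigumbrella'] ) ) {
        @define('PROTECTOR_ENABLED_ANTI_XSS' , 1 ) ;
        $protector->bigumbrella_init() ;
    }

    // force intval variables whose name is *id
    if( ! empty( $conf['id_forceintval'] ) ) {
        $protector->intval_allrequestsendid() ;
    }

    // eliminate '..' from requests looks like file specifications
    // (skipped for reliable IPs)
    if( ! $is_reliable && ! empty( $conf['file_dotdot'] ) ) {
        $protector->eliminate_dotdot() ;
    }

    // Check uploaded files
    // Skipped for reliable IPs, when 'die_badext' is off, or when any code
    // loaded earlier has defined PROTECTOR_SKIP_FILESCHECKER.
    if( ! $is_reliable && ! empty( $_FILES ) && ! empty( $conf['die_badext'] ) && ! defined( 'PROTECTOR_SKIP_FILESCHECKER' ) && ! $protector->check_uploaded_files() ) {
        $protector->output_log( $protector->last_error_type ) ;
        $protector->purge() ;
    }

    // Variables contamination
    // 'contami_action' is read as a bit mask: 4 marks the client for banning
    // and empties $_GET/$_POST, 8 selects which ban flag is set, 2 purges.
    if( ! $protector->check_contami_systemglobals() ) {
        if( @$conf['contami_action'] & 4 ) {
            if( @$conf['contami_action'] & 8 ) {
                $protector->_should_be_banned = true ;
            } else {
                $protector->_should_be_banned_time0 = true ;
            }
            $_GET = $_POST = array() ;
        }

        $protector->output_log( $protector->last_error_type ) ;
        if( @$conf['contami_action'] & 2 ) {
            $protector->purge() ;
        }
    }

    // prepare for DoS (disabled in this version)
    //if( ! $protector->check_dos_attack_prepare() ) {
    // $protector->output_log( $protector->last_error_type , 0 , true ) ;
    //}

    if( ! empty( $conf['disable_features'] ) ) {
        $protector->disable_features() ;
    }

}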
97 
98 ?>