// Excerpted listing: the number that opens a statement is its line number in the
// original file, and the lines between the numbers shown are not part of this page.
// Guard: true when characters 6-8 of XOOPS_VERSION compare (loosely, as a number)
// greater than 2.0 AND REQUEST_URI contains the system-preferences admin path
// (stristr() is case-insensitive). The guarded body is not shown here.
// NOTE(review): REQUEST_URI is taken from the request, so this match only detects
// which page was asked for; it is not evidence that the caller is an administrator.
8 if( substr( @
XOOPS_VERSION , 6 , 3 ) > 2.0 && stristr( @
$_SERVER[
'REQUEST_URI'] ,
'modules/system/admin.php?fct=preferences' ) ) {
// Raises an E_USER_WARNING when the request URI is exactly '/admin.php' and the
// 'configs' directory under the parent of this file's directory is not writable.
// NOTE(review): the exact match on '/admin.php' only holds when the site is served
// from the web root with no query string - confirm that is the intended trigger.
17 if( @
$_SERVER[
'REQUEST_URI'] ==
'/admin.php' && ! is_writable( dirname(dirname(__FILE__)).
'/configs' ) ) {
// NOTE(review): the message embeds the absolute server path. Whether it reaches the
// browser depends on the error display/handler settings, which are not shown here.
18 trigger_error(
'You should turn the directory ' . dirname(dirname(__FILE__)).
'/configs writable' , E_USER_WARNING ) ;
22 require_once dirname(dirname(__FILE__)).
'/class/protector.php' ;
// Version gate: the check below applies only when the first 12 characters of
// XOOPS_VERSION equal one of the three listed releases (in_array() without the
// strict flag; both sides are strings here).
32 if( in_array( substr(
XOOPS_VERSION , 0 , 12 ) , array(
'XOOPS 2.0.16' ,
'XOOPS 2.0.13' ,
'XOOPS 2.2.4' ) ) ) {
// Fires when mail is configured to use 'sendmail' AND the bundled
// class.phpmailer.php has exactly this MD5. The digest is a fingerprint of one
// known file build, not an integrity control: any other build of the file,
// patched or not, does not match and produces no warning.
// NOTE(review): `==` on digest strings is a loose comparison; `===` is the safer form.
35 if( $xoopsMailerConfig[
'mailmethod'] ==
'sendmail' && md5_file( XOOPS_ROOT_PATH.
'/class/mail/phpmailer/class.phpmailer.php' ) ==
'ee1c09a8e579631f0511972f929fe36a' ) {
// The warning is a fixed literal, so no request data is echoed into the page.
36 echo
'<strong>phpmailer security hole! Change the preferences of mail from "sendmail" to another, or upgrade the core right now! (message by protector)</strong>' ;
// Kill switch: when the 'global_disabled' option is non-empty this returns true
// immediately, so none of the checks listed after this point run.
41 if( ! empty(
$conf[
'global_disabled'] ) )
return true ;
// Branch for logged-in users who belong to group id 1 (presumably the webmasters
// group of a default XOOPS install - confirm). in_array() is not strict here.
44 if( is_object( $xoopsUser ) && in_array( 1 , $xoopsUser->getGroups() ) ) {
// $group1_allow is computed on lines not shown in this excerpt (45-47). When it is
// empty the request is terminated with a fixed message that contains no request data.
48 if( empty( $group1_allow ) ) die(
'This account is disabled for your IP by Protector.<br />Clear cookie if you want to access this site as a guest.' ) ;
// Load the serialized 'reliable_ips' option. The `@` operators hide both a missing
// key and a failed unserialize(), which returns false and is then skipped by the
// is_array() test below.
// NOTE(review): unserialize() is only safe if $conf can be written by administrators
// alone; where $conf is loaded from is not visible here - confirm.
53 $reliable_ips = @unserialize( @
$conf[
'reliable_ips'] ) ;
54 if( is_array( $reliable_ips ) )
foreach( $reliable_ips as $reliable_ip ) {
// Each non-empty entry is used verbatim as a regular expression between '/'
// delimiters and matched, unanchored, against REMOTE_ADDR. The body of the match
// is not shown; presumably a match marks the client as trusted - confirm.
// NOTE(review): entries are patterns, not literal addresses. '.' matches any
// character and there is no ^/$ anchor, so a constructed entry such as
// 192.168.1.1 also matches 192.168.1.10 and 192.168.101.5. Entries should be
// written anchored and escaped (e.g. ^192\.168\.1\.1$), and an entry containing
// '/' ends the pattern early.
// NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, which
// would make every request share the same trust decision - confirm the deployment.
55 if( ! empty( $reliable_ip ) && preg_match(
'/'.$reliable_ip.
'/' ,
$_SERVER[
'REMOTE_ADDR'] ) ) {
// Logged-in user: record the uid and decide whether this user may be banned.
// The values used when $xoopsUser is not an object are on lines not shown here.
61 if( is_object( @$xoopsUser ) ) {
62 $uid = $xoopsUser->getVar(
'uid') ;
// $can_ban is false when the user belongs to at least one group listed in the
// serialized 'bip_except' option, and true otherwise.
// NOTE(review): the `@` operators hide a missing key or a failed unserialize().
// On PHP 8 a non-array argument to array_intersect() raises a TypeError, which `@`
// does not suppress, so a corrupt option value would abort the request here.
63 $can_ban = count( @array_intersect( $xoopsUser->getGroups() , @unserialize( @
$conf[
'bip_except'] ) ) ) ?
false :
true ;
// True when the request carries a login attempt: either both 'uname' and 'pass'
// were POSTed, or both autologin cookies are present. The body (lines 67-72 of the
// original) is not shown in this excerpt.
66 if( ( ! empty(
$_POST[
'uname'] ) && ! empty(
$_POST[
'pass'] ) ) || ( ! empty( $_COOKIE[
'autologin_uname'] ) && ! empty( $_COOKIE[
'autologin_pass'] ) ) ) {
// Entered unless 'stopforumspam_action' equals 'none'. The comparison is loose and
// the key is read with `@`, so a missing option also enters this branch.
73 if(@
$conf[
'stopforumspam_action'] !=
'none') {
// Ban handling: acts only when $can_ban is true and the protector object has set
// _should_be_banned, or otherwise _should_be_banned_time0. Both bodies are not shown;
// presumably the second is the time-limited variant - confirm in the protector class.
78 if( $can_ban &&
$protector->_should_be_banned ) {
80 }
else if( $can_ban &&
$protector->_should_be_banned_time0 ) {
// Decide whether the DoS check is skipped for this request; default is not skipped.
85 $dos_skipping =
false ;
// 'dos_skipmodules' is read as a '|'-separated list of module directory names.
86 $skip_dirnames = explode(
'|' , @
$conf[
'dos_skipmodules'] ) ;
// explode() with a non-empty delimiter returns an array, so this fallback is
// defensive only.
87 if( ! is_array( $skip_dirnames ) ) $skip_dirnames = array() ;
// Skip when the current module's dirname is in the list (in_array() is not strict).
88 if( is_object( @$xoopsModule ) ) {
89 if( in_array( $xoopsModule->getVar(
'dirname') , $skip_dirnames ) ) {
90 $dos_skipping =
true ;
// Also skip when any non-empty entry occurs anywhere in the working directory.
// NOTE(review): strstr() is a substring test, so a short entry exempts every path
// that contains it (constructed example: 'news' also matches '.../newsletter').
// That silently widens what is excluded from DoS protection; keep entries specific.
93 foreach( $skip_dirnames as $skip_dirname ) {
94 if( $skip_dirname && strstr( getcwd() , $skip_dirname ) ) {
95 $dos_skipping =
true ;
// Defining the constant PROTECTOR_SKIP_DOS_CHECK anywhere before this point forces
// the skip for the whole request.
102 if( defined(
'PROTECTOR_SKIP_DOS_CHECK' ) ) $dos_skipping =
true ;
// Run the DoS check unless skipped; the branch is entered when check_dos_attack()
// returns a falsy value (body not shown in this excerpt).
105 if( empty( $dos_skipping ) && !
$protector->check_dos_attack(
$uid , $can_ban ) ) {
// Session IP-move check. The IP stored in the session and the current REMOTE_ADDR
// are each split on '.' and packed into one number from four octets; `@` silences
// notices for missing parts, which then count as 0.
// NOTE(review): this assumes IPv4 dotted-quad text. An IPv6 REMOTE_ADDR does not
// split on '.', so the comparison is not meaningful for such clients - confirm how
// they are expected to be handled.
111 $ips = explode(
'.' , @
$_SESSION[
'protector_last_ip'] ) ;
112 $protector_last_numip = @$ips[0] * 0x1000000 + @$ips[1] * 0x10000 + @$ips[2] * 0x100 + @$ips[3] ;
113 $ips = explode(
'.' ,
$_SERVER[
'REMOTE_ADDR'] ) ;
114 $remote_numip = @$ips[0] * 0x1000000 + @$ips[1] * 0x10000 + @$ips[2] * 0x100 + @$ips[3] ;
// Only the leading 'session_fixed_topbit' bits are compared: both numbers are
// shifted right by (32 - that value) before the comparison.
115 $shift = 32 - @
$conf[
'session_fixed_topbit'] ;
// Fires when the option is greater than 0 and at most 32, a previous IP is stored
// in the session, and the compared prefixes differ. A missing or zero option gives
// $shift == 32 and disables the check.
116 if( $shift < 32 && $shift >= 0 && ! empty(
$_SESSION[
'protector_last_ip'] ) && $protector_last_numip >> $shift != $remote_numip >> $shift ) {
// Applies to logged-in users in at least one group listed in the serialized
// 'groups_denyipmove' option (body not shown).
// NOTE(review): unserialize() runs on option data without `@` here; it is only
// safe if $conf is writable by administrators alone - confirm where $conf comes from.
117 if( is_object( $xoopsUser ) && count( array_intersect( $xoopsUser->getGroups() , unserialize(
$conf[
'groups_denyipmove'] ) ) ) ) {
// Isolated-comment-in SQL check. The value of ('isocom_action' & 1) is passed to the
// checker; what that flag changes is defined in the protector class, not shown here.
// The branch is entered when the checker returns a falsy value.
124 if( !
$protector->check_sql_isolatedcommentin( @
$conf[
'isocom_action'] & 1 ) ) {
// Ban handling, both cases only when $can_ban is true:
//   mask 8 -> register_bad_ips() with no argument
//   mask 4 -> register_bad_ips() with the current time plus 'banip_time0'
// presumably no argument means no expiry and the argument is an expiry
// timestamp - confirm against register_bad_ips().
125 if( (
$conf[
'isocom_action'] & 8 ) && $can_ban )
$protector->register_bad_ips() ;
126 else if( (
$conf[
'isocom_action'] & 4 ) && $can_ban )
$protector->register_bad_ips( time() +
$protector->_conf[
'banip_time0'] ) ;
// Same two-case ban handling driven by 'union_action'. The condition that encloses
// these lines (line 132 of the original) is not shown in this excerpt.
133 if( (
$conf[
'union_action'] & 8 ) && $can_ban )
$protector->register_bad_ips() ;
134 else if( (
$conf[
'union_action'] & 4 ) && $can_ban )
$protector->register_bad_ips( time() +
$protector->_conf[
'banip_time0'] ) ;
// Spam check for logged-in users: runs only for non-admins and only when
// 'spamcount_uri4user' is truthy. The option is cast with intval() and passed to
// spam_check() together with the user's uid.
141 if( is_object( $xoopsUser ) ) {
142 if( ! $xoopsUser->isAdmin() &&
$conf[
'spamcount_uri4user'] ) {
143 $protector->spam_check( intval(
$conf[
'spamcount_uri4user'] ) , $xoopsUser->getVar(
'uid') ) ;
// Guests: branch taken when 'spamcount_uri4guest' is truthy (body not shown).
145 }
else if(
$conf[
'spamcount_uri4guest'] ) {
// Invoke the protector's 'postcommon_post' filters (call_filter() is defined
// elsewhere; what it loads is not visible here).
151 $protector->call_filter(
'postcommon_post' ) ;
// Invoke the 'postcommon_register' filters only when the executing script is
// register.php directly under XOOPS_ROOT_PATH (loose string comparison).
155 if(
$_SERVER[
'SCRIPT_FILENAME'] == XOOPS_ROOT_PATH.
'/register.php' ) {
156 $protector->call_filter(
'postcommon_register' ) ;