19 defined(
'XOOPS_ROOT_PATH') or die('Restricted access');
29 function XoopsSecurity()
42 function check($clearIfValid =
true,
$token =
false, $name =
'XOOPS_TOKEN')
44 return $this->validateToken(
$token, $clearIfValid, $name);
55 function createToken($timeout = 0, $name =
'XOOPS_TOKEN')
57 $this->garbageCollection($name);
59 $expire = @ini_get(
'session.gc_maxlifetime');
60 $timeout = ($expire > 0) ? $expire : 900;
62 $token_id = md5(uniqid(rand(),
true));
64 if (!isset(
$_SESSION[$name .
'_SESSION'])) {
69 'expire' => time() + intval($timeout));
70 array_push(
$_SESSION[$name .
'_SESSION'], $token_data);
83 function validateToken(
$token =
false, $clearIfValid =
true, $name =
'XOOPS_TOKEN')
88 $xoopsLogger->addExtra(
'Token Validation',
'No valid token found in request/session');
92 $token_data = &
$_SESSION[$name .
'_SESSION'];
93 foreach (array_keys($token_data) as
$i) {
95 if ($this->filterToken($token_data[$i])) {
98 unset($token_data[$i]);
100 $xoopsLogger->addExtra(
'Token Validation',
'Valid token found');
103 $str =
'Valid token expired';
104 $this->setErrors($str);
105 $xoopsLogger->addExtra(
'Token Validation', $str);
110 $xoopsLogger->addExtra(
'Token Validation',
'No valid token found');
112 $this->garbageCollection($name);
121 function clearTokens($name =
'XOOPS_TOKEN')
135 return (!empty(
$token[
'expire']) &&
$token[
'expire'] >= time());
145 function garbageCollection($name =
'XOOPS_TOKEN')
147 if (isset(
$_SESSION[$name .
'_SESSION']) && count(
$_SESSION[$name .
'_SESSION']) > 0) {
160 function checkReferer($docheck = 1)
169 if (strpos($ref, XOOPS_URL) !== 0) {
180 function checkSuperglobals()
185 'HTTP_SESSION_VARS' ,
207 'xoopsModuleConfig' ,
208 'xoopsRequestUri') as $bad_global) {
210 header(
'Location: ' . XOOPS_URL .
'/');
222 function checkBadips()
225 if ($xoopsConfig[
'enable_badips'] == 1 && isset(
$_SERVER[
'REMOTE_ADDR']) &&
$_SERVER[
'REMOTE_ADDR'] !=
'') {
226 foreach($xoopsConfig[
'bad_ips'] as $bi) {
227 if (!empty($bi) && preg_match(
'/' . $bi .
'/',
$_SERVER[
'REMOTE_ADDR'])) {
234 unset($xoopsConfig[
'badips']);
242 function getTokenHTML($name =
'XOOPS_TOKEN')
244 require_once XOOPS_ROOT_PATH .
'/class/xoopsformloader.php';
256 $this->errors[] = trim(
$error);
266 function &getErrors($ashtml =
false)
272 if (count($this->errors) > 0) {
273 foreach ($this->errors as
$error) {
274 $ret .= $error .
'<br />';