1: <?php
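/**
 * Run Protector's early request checks.
 *
 * Order of work, as written below:
 *  1. abort when the installer constant is defined and mainfile.php is not writable;
 *  2. load the Protector class and read its configuration;
 *  3. apply the bandwidth-limit and bad-IP filters (both run before the
 *     'global_disabled' switch is consulted);
 *  4. return early when 'global_disabled' is set;
 *  5. decide whether the client matches a 'reliable_ips' entry;
 *  6. arm the optional DB-layer trap, big-umbrella and id-intval features,
 *     then run the dot-dot, upload and system-globals checks;
 *  7. optionally call disable_features().
 *
 * @return true|null true when 'global_disabled' is set, otherwise null
 */
function protector_prepare()
{
    // _INSTALL_CHARSET is presumably defined by the installer (the message below says so).
    if (defined('_INSTALL_CHARSET') && !is_writable(XOOPS_ROOT_PATH . '/mainfile.php')) {
        die('To use installer, remove protector\'s lines from mainfile.php first.');
    }

    require_once dirname(__DIR__) . '/class/protector.php';

    $protector = Protector::getInstance();
    $conf = $protector->getConf();

    // Bandwidth limiting is only considered when the configured count is at least 10.
    $bwlimit_count = isset($conf['bwlimit_count']) ? $conf['bwlimit_count'] : 0;
    if ($bwlimit_count >= 10) {
        $bwexpire = $protector->get_bwlimit();
        if ($bwexpire > time()) {
            header('HTTP/1.0 503 Service unavailable');
            // NOTE(review): whether call_filter() ends the request is not visible here;
            // if it returns, the checks below still run for this request.
            $protector->call_filter('precommon_bwlimit', 'This website is very busy now. Please try later.');
        }
    }

    // Bad-IP filter. Like the bandwidth limit, it runs even when 'global_disabled' is set.
    $bad_ips = $protector->get_bad_ips(true);
    $bad_ip_match = $protector->ip_match($bad_ips);
    if ($bad_ip_match) {
        $protector->call_filter('precommon_badip', 'You are registered as BAD_IP by Protector.');
    }

    // Master switch: every check after this point is skipped.
    if (!empty($conf['global_disabled'])) {
        return true;
    }

    // 'reliable_ips' is stored serialized. Only an array of patterns is expected,
    // so object instantiation is refused where the runtime supports the option
    // (PHP 7.0+); a tampered config value then cannot trigger class magic methods.
    // The second attempt strips slashes, as the original code did. '@' is kept
    // because a failed first attempt is an expected case, not an error.
    $raw_reliable_ips = isset($conf['reliable_ips']) ? (string) $conf['reliable_ips'] : '';
    $reliable_ips = array();
    foreach (array($raw_reliable_ips, stripslashes($raw_reliable_ips)) as $serialized) {
        $decoded = PHP_VERSION_ID >= 70000
            ? @unserialize($serialized, array('allowed_classes' => false))
            : @unserialize($serialized);
        if (is_array($decoded)) {
            $reliable_ips = $decoded;
            break;
        }
    }

    // Each entry is used verbatim as a regular-expression fragment. It is not
    // anchored unless the entry itself carries ^ or $, and '.' matches any
    // character, so an entry written as a plain address also matches longer
    // addresses that merely contain it. A '/' inside an entry ends the pattern
    // early and makes preg_match() fail, which counts as "no match".
    // A match exempts the client from the dot-dot and upload checks below.
    // NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy that
    // is presumably the proxy's address - confirm against the deployment.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $is_reliable = false;
    foreach ($reliable_ips as $reliable_ip) {
        if (is_scalar($reliable_ip) && !empty($reliable_ip) && preg_match('/' . $reliable_ip . '/', $remote_addr)) {
            $is_reliable = true;
            break; // one match is enough
        }
    }

    // REQUEST_URI is client-controlled: any request whose URI contains this
    // substring arms the DB-layer trap regardless of configuration.
    // NOTE(review): what dblayertrap_init() does with the flag is not visible here.
    $request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
    $force_override = strpos($request_uri, 'protector/admin/index.php?page=advisory') !== false;

    if ($force_override || !empty($conf['enable_dblayertrap'])) {
        if (!defined('PROTECTOR_ENABLED_ANTI_SQL_INJECTION')) {
            define('PROTECTOR_ENABLED_ANTI_SQL_INJECTION', 1);
        }
        $protector->dblayertrap_init($force_override);
    }

    if (!empty($conf['enable_bigumbrella'])) {
        if (!defined('PROTECTOR_ENABLED_ANTI_XSS')) {
            define('PROTECTOR_ENABLED_ANTI_XSS', 1);
        }
        $protector->bigumbrella_init();
    }

    if (!empty($conf['id_forceintval'])) {
        $protector->intval_allrequestsendid();
    }

    // The next two checks are skipped for clients matched by 'reliable_ips'.
    if (!$is_reliable && !empty($conf['file_dotdot'])) {
        $protector->eliminate_dotdot();
    }

    // Upload check: only when files were sent, the option is on and the skip
    // constant is not defined. A failed check is logged and then purged.
    if (!$is_reliable && !empty($_FILES) && !empty($conf['die_badext']) && !defined('PROTECTOR_SKIP_FILESCHECKER') && !$protector->check_uploaded_files()) {
        $protector->output_log($protector->last_error_type);
        $protector->purge();
    }

    // System-globals contamination check; applies to reliable clients as well.
    // 'contami_action' is read as a bit mask: 4 marks the client for banning and
    // empties $_GET/$_POST (8 selects which ban flag is set), 2 calls purge().
    if (!$protector->check_contami_systemglobals()) {
        $contami_action = isset($conf['contami_action']) ? $conf['contami_action'] : 0;
        if ($contami_action & 4) {
            if ($contami_action & 8) {
                $protector->_should_be_banned = true;
            } else {
                $protector->_should_be_banned_time0 = true;
            }
            $_GET = $_POST = array();
        }

        $protector->output_log($protector->last_error_type);
        if ($contami_action & 2) {
            $protector->purge();
        }
    }

    if (!empty($conf['disable_features'])) {
        $protector->disable_features();
    }

    return null;
}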