Overview

Namespaces

  • None
  • Xmf
    • Database
    • Module
      • Helper
    • Template
  • Xoops
    • Auth
    • Core
      • Cache
      • Database
        • Logging
        • Schema
      • Exception
      • Handler
        • Scheme
      • Kernel
        • Dtype
        • Handlers
        • Model
      • Lists
      • Locale
        • Punic
      • Service
        • Contract
      • Session
      • Text
        • Sanitizer
          • Extensions
      • Theme
        • Plugins
    • Form
    • Html
    • Locale
    • Module
      • Helper
      • Plugin

Classes

  • ArtObject
  • ArtObjectHandler
  • Avatars
  • AvatarsAvatar
  • AvatarsAvatar_userForm
  • AvatarsAvatarForm
  • AvatarsAvatarHandler
  • AvatarsLocale
  • AvatarsLocaleEn_US
  • AvatarsPreload
  • AvatarsProvider
  • AvatarsUserlink
  • AvatarsUserlinkHandler
  • AwesomeButton
  • BannerRender
  • Banners
  • BannersBanner
  • BannersBannerclient
  • BannersBannerclientForm
  • BannersBannerclientHandler
  • BannersBannerForm
  • BannersBannerHandler
  • BannersPreload
  • BloggerApi
  • CodexMenusPlugin
  • CodexSearchPlugin
  • CodexSystemPlugin
  • CodexUserconfigsPlugin
  • Comments
  • CommentsComment
  • CommentsCommentForm
  • CommentsCommentHandler
  • CommentsCommentRenderer
  • CommentsPreload
  • CommentsSystemPlugin
  • CommentsUserconfigsPlugin
  • Cookie
  • CountryFlagProvider
  • Criteria
  • CriteriaCompo
  • CriteriaElement
  • DebugbarLogger
  • DebugbarPreload
  • DebugbarUserconfigsPlugin
  • DefaultThemeLocale
  • DefaultThemeLocaleEn_US
  • FormDhtmlTextArea
  • FormTextArea
  • GravatarsPreload
  • GravatarsProvider
  • htmLawed
  • HtmlToPdfProvider
  • imageLib
  • Images
  • ImagesCategory
  • ImagesCategory_imagemanagerForm
  • ImagesCategoryForm
  • ImagesCategoryHandler
  • ImagesCategoryselectForm
  • ImagesImage
  • ImagesImage_Body
  • ImagesImage_imagemanagerForm
  • ImagesImagebody
  • ImagesImagebodyHandler
  • ImagesImageForm
  • ImagesImageHandler
  • ImagesPreload
  • JUpload
  • LegacyLogger
  • LoggerPreload
  • LoggerUserconfigsPlugin
  • Maintenance
  • MaintenanceMaintenanceForm
  • Menus
  • MenusBuilder
  • MenusConstantDecorator
  • MenusDecorator
  • MenusDecoratorAbstract
  • MenusDefaultDecorator
  • MenusDynamicDecorator
  • MenusMenu
  • MenusMenuHandler
  • MenusMenus
  • MenusMenus_menuForm
  • MenusMenus_menusForm
  • MenusMenusHandler
  • MenusPreload
  • MenusSmartyDecorator
  • MetaWeblogApi
  • MonologLogger
  • MonologPreload
  • MonologUserconfigsPlugin
  • MovableTypeApi
  • MyTextSanitizer
  • MyTextSanitizerExtended
  • Notifications
  • NotificationsNotification
  • NotificationsNotificationHandler
  • NotificationsPreload
  • NotificationsSystemPlugin
  • Page
  • PageCommentsPlugin
  • PageGroupPermHandler
  • PageLocale
  • PageLocaleEn_US
  • PageNotificationsPlugin
  • PagePage_content
  • PagePage_contentForm
  • PagePage_contentHandler
  • PagePage_rating
  • PagePage_ratingHandler
  • PagePage_related
  • PagePage_related_link
  • PagePage_related_linkHandler
  • PagePage_relatedForm
  • PagePage_relatedHandler
  • PagePreload
  • PageSearchPlugin
  • PageSystemPlugin
  • PdfPreload
  • PmMessage
  • PmMessageHandler
  • PmPreload
  • ProfileCategory
  • ProfileCategoryForm
  • ProfileCategoryHandler
  • ProfileCorePreload
  • ProfileField
  • ProfileFieldForm
  • ProfileFieldHandler
  • ProfileMenusPlugin
  • ProfileProfile
  • ProfileProfileHandler
  • ProfileRegstep
  • ProfileRegstepForm
  • ProfileRegstepHandler
  • ProfileVisibility
  • ProfileVisibilityHandler
  • Protector
  • protector_bruteforce_overrun_message
  • protector_crawler_overrun_message
  • protector_f5attack_overrun_message
  • protector_postcommon_post_deny_by_httpbl
  • protector_postcommon_post_deny_by_rbl
  • protector_postcommon_post_htmlpurify4everyone
  • protector_postcommon_post_htmlpurify4guest
  • protector_postcommon_post_need_multibyte
  • protector_postcommon_post_register_moratorium
  • protector_postcommon_register_insert_js_check
  • protector_precommon_badip_errorlog
  • protector_precommon_badip_message
  • protector_precommon_badip_redirection
  • protector_precommon_bwlimit_errorlog
  • protector_precommon_bwlimit_message
  • protector_prepurge_exit_message
  • protector_spamcheck_overrun_message
  • ProtectorCenterForm
  • ProtectorCorePreload
  • ProtectorFilterAbstract
  • ProtectorFilterHandler
  • ProtectorMySQLDatabase
  • Publisher
  • PublisherBlockForm
  • PublisherCategory
  • PublisherCategoryForm
  • PublisherCategoryHandler
  • PublisherCommentsPlugin
  • PublisherFile
  • PublisherFileForm
  • PublisherFileHandler
  • PublisherFormDateTime
  • PublisherGroupPermHandler
  • PublisherItem
  • PublisherItemForm
  • PublisherItemHandler
  • PublisherMenusPlugin
  • PublisherMetagen
  • PublisherMimetype
  • PublisherMimetypeHandler
  • PublisherNotificationsPlugin
  • PublisherPermissionHandler
  • PublisherPreload
  • PublisherRating
  • PublisherRatingHandler
  • PublisherSearchPlugin
  • PublisherSystemPlugin
  • PublisherUtils
  • QrcodePreload
  • QrcodeProvider
  • ReCaptchaResponse
  • RpcArrayHandler
  • RpcBase64Handler
  • RpcBooleanHandler
  • RpcDateTimeHandler
  • RpcDoubleHandler
  • RpcIntHandler
  • RpcMemberHandler
  • RpcMethodNameHandler
  • RpcNameHandler
  • RpcStringHandler
  • RpcStructHandler
  • RpcValueHandler
  • RssAuthorHandler
  • RssCategoryHandler
  • RssChannelHandler
  • RssCommentsHandler
  • RssCopyrightHandler
  • RssDescriptionHandler
  • RssDocsHandler
  • RssGeneratorHandler
  • RssGuidHandler
  • RssHeightHandler
  • RssImageHandler
  • RssItemHandler
  • RssLanguageHandler
  • RssLastBuildDateHandler
  • RssLinkHandler
  • RssManagingEditorHandler
  • RssNameHandler
  • RssPubDateHandler
  • RssSourceHandler
  • RssTextInputHandler
  • RssTitleHandler
  • RssTtlHandler
  • RssUrlHandler
  • RssWebMasterHandler
  • RssWidthHandler
  • SaxParser
  • Search
  • SearchPreload
  • SearchSearchForm
  • Smarty_Resource_Admin
  • Smarty_Resource_Block
  • Smarty_Resource_Db
  • Smarty_Resource_Module
  • Smilies
  • SmiliesPreload
  • SmiliesProvider
  • SmiliesSmiley
  • SmiliesSmileyHandler
  • SmiliesSmiliesForm
  • Snoopy
  • SqlUtility
  • System
  • SystemBlockForm
  • SystemBreadcrumb
  • SystemExtension
  • SystemGroupForm
  • SystemLocale
  • SystemLocaleEn_US
  • SystemMenuHandler
  • SystemModule
  • SystemPreferencesForm
  • SystemPreload
  • SystemUserForm
  • tar
  • ThemeSetAuthorHandler
  • ThemeSetDateCreatedHandler
  • ThemeSetDescriptionHandler
  • ThemeSetEmailHandler
  • ThemeSetFileTypeHandler
  • ThemeSetGeneratorHandler
  • ThemeSetImageHandler
  • ThemeSetLinkHandler
  • ThemeSetModuleHandler
  • ThemeSetNameHandler
  • ThemeSetTagHandler
  • ThemeSetTemplateHandler
  • Thumbs
  • ThumbsPreload
  • ThumbsProvider
  • TinyMCE
  • Userconfigs
  • UserconfigsConfigHandler
  • UserconfigsConfigsForm
  • UserconfigsItem
  • UserconfigsItemHandler
  • UserconfigsMenusPlugin
  • UserconfigsModulesForm
  • UserconfigsOption
  • UserconfigsOptionHandler
  • UserconfigsPreload
  • UserconfigsSystemPlugin
  • UserrankPreload
  • UserRankProvider
  • UserrankRank
  • UserrankRankHandler
  • UserrankRanksForm
  • Xcaptcha
  • XcaptchaCaptchaForm
  • XcaptchaImage
  • XcaptchaImageForm
  • XcaptchaRecaptcha
  • XcaptchaRecaptchaForm
  • XcaptchaText
  • XcaptchaTextForm
  • Xlanguage
  • XlanguageLanguage
  • XlanguageLanguageForm
  • XlanguagePreload
  • XlanguageTinymceForm
  • XlanguageXlanguageHandler
  • Xmf\Database\TableLoad
  • Xmf\Database\Tables
  • Xmf\Debug
  • Xmf\FilterInput
  • Xmf\Highlighter
  • Xmf\Language
  • Xmf\Loader
  • Xmf\Metagen
  • Xmf\Module\Admin
  • Xmf\Module\Cache
  • Xmf\Module\Helper
  • Xmf\Module\Helper\AbstractHelper
  • Xmf\Module\Helper\GenericHelper
  • Xmf\Module\Permission
  • Xmf\Module\Session
  • Xmf\Request
  • Xmf\Template\AbstractTemplate
  • Xmf\Template\Breadcrumb
  • Xmf\Template\Buttonbox
  • Xmf\Template\Feed
  • Xmf\Template\PrintContent
  • Xmf\Utilities
  • Xmf\Yaml
  • XmfPreload
  • XmlTagHandler
  • Xoops
  • Xoops\Auth\Ads
  • Xoops\Auth\AuthAbstract
  • Xoops\Auth\Factory
  • Xoops\Auth\Ldap
  • Xoops\Auth\Provisioning
  • Xoops\Auth\Xoops
  • Xoops\Cache
  • Xoops\Core\Assets
  • Xoops\Core\Cache\Access
  • Xoops\Core\Cache\CacheManager
  • Xoops\Core\Cache\DriverList
  • Xoops\Core\Cache\Legacy
  • Xoops\Core\ComposerUtility
  • Xoops\Core\Database\Connection
  • Xoops\Core\Database\Factory
  • Xoops\Core\Database\Logging\XoopsDebugStack
  • Xoops\Core\Database\QueryBuilder
  • Xoops\Core\Database\Schema\ExportVisitor
  • Xoops\Core\Database\Schema\ImportSchema
  • Xoops\Core\Database\Schema\PrefixStripper
  • Xoops\Core\Database\Schema\RemovePrefixes
  • Xoops\Core\Events
  • Xoops\Core\FilterInput
  • Xoops\Core\FixedGroups
  • Xoops\Core\Handler\Factory
  • Xoops\Core\Handler\FactorySpec
  • Xoops\Core\Handler\Scheme\FQN
  • Xoops\Core\Handler\Scheme\Kernel
  • Xoops\Core\Handler\Scheme\LegacyModule
  • Xoops\Core\HttpRequest
  • Xoops\Core\Kernel\Criteria
  • Xoops\Core\Kernel\CriteriaCompo
  • Xoops\Core\Kernel\CriteriaElement
  • Xoops\Core\Kernel\Dtype
  • Xoops\Core\Kernel\Dtype\DtypeAbstract
  • Xoops\Core\Kernel\Dtype\DtypeArray
  • Xoops\Core\Kernel\Dtype\DtypeDateTime
  • Xoops\Core\Kernel\Dtype\DtypeDecimal
  • Xoops\Core\Kernel\Dtype\DtypeEmail
  • Xoops\Core\Kernel\Dtype\DtypeEnumeration
  • Xoops\Core\Kernel\Dtype\DtypeFloat
  • Xoops\Core\Kernel\Dtype\DtypeInt
  • Xoops\Core\Kernel\Dtype\DtypeJson
  • Xoops\Core\Kernel\Dtype\DtypeMoney
  • Xoops\Core\Kernel\Dtype\DtypeOther
  • Xoops\Core\Kernel\Dtype\DtypeSimpleTime
  • Xoops\Core\Kernel\Dtype\DtypeSource
  • Xoops\Core\Kernel\Dtype\DtypeTextArea
  • Xoops\Core\Kernel\Dtype\DtypeTextBox
  • Xoops\Core\Kernel\Dtype\DtypeTimeZone
  • Xoops\Core\Kernel\Dtype\DtypeUrl
  • Xoops\Core\Kernel\Handlers\XoopsBlock
  • Xoops\Core\Kernel\Handlers\XoopsBlockHandler
  • Xoops\Core\Kernel\Handlers\XoopsBlockModuleLink
  • Xoops\Core\Kernel\Handlers\XoopsBlockModuleLinkHandler
  • Xoops\Core\Kernel\Handlers\XoopsConfigHandler
  • Xoops\Core\Kernel\Handlers\XoopsConfigItem
  • Xoops\Core\Kernel\Handlers\XoopsConfigItemHandler
  • Xoops\Core\Kernel\Handlers\XoopsConfigOption
  • Xoops\Core\Kernel\Handlers\XoopsConfigOptionHandler
  • Xoops\Core\Kernel\Handlers\XoopsGroup
  • Xoops\Core\Kernel\Handlers\XoopsGroupHandler
  • Xoops\Core\Kernel\Handlers\XoopsGroupPerm
  • Xoops\Core\Kernel\Handlers\XoopsGroupPermHandler
  • Xoops\Core\Kernel\Handlers\XoopsMemberHandler
  • Xoops\Core\Kernel\Handlers\XoopsMembership
  • Xoops\Core\Kernel\Handlers\XoopsMembershipHandler
  • Xoops\Core\Kernel\Handlers\XoopsModule
  • Xoops\Core\Kernel\Handlers\XoopsModuleHandler
  • Xoops\Core\Kernel\Handlers\XoopsOnline
  • Xoops\Core\Kernel\Handlers\XoopsOnlineHandler
  • Xoops\Core\Kernel\Handlers\XoopsPrivateMessage
  • Xoops\Core\Kernel\Handlers\XoopsPrivateMessageHandler
  • Xoops\Core\Kernel\Handlers\XoopsTplFile
  • Xoops\Core\Kernel\Handlers\XoopsTplFileHandler
  • Xoops\Core\Kernel\Handlers\XoopsTplSet
  • Xoops\Core\Kernel\Handlers\XoopsTplSetHandler
  • Xoops\Core\Kernel\Handlers\XoopsUser
  • Xoops\Core\Kernel\Handlers\XoopsUserHandler
  • Xoops\Core\Kernel\Model\Joint
  • Xoops\Core\Kernel\Model\Read
  • Xoops\Core\Kernel\Model\Stats
  • Xoops\Core\Kernel\Model\Sync
  • Xoops\Core\Kernel\Model\Write
  • Xoops\Core\Kernel\XoopsModelAbstract
  • Xoops\Core\Kernel\XoopsModelFactory
  • Xoops\Core\Kernel\XoopsObject
  • Xoops\Core\Kernel\XoopsObjectHandler
  • Xoops\Core\Kernel\XoopsPersistableObjectHandler
  • Xoops\Core\Lists\Country
  • Xoops\Core\Lists\Directory
  • Xoops\Core\Lists\Editor
  • Xoops\Core\Lists\File
  • Xoops\Core\Lists\HtmlFile
  • Xoops\Core\Lists\ImageFile
  • Xoops\Core\Lists\ListAbstract
  • Xoops\Core\Lists\Locale
  • Xoops\Core\Lists\Module
  • Xoops\Core\Lists\Month
  • Xoops\Core\Lists\SubjectIcon
  • Xoops\Core\Lists\SubSet
  • Xoops\Core\Lists\Theme
  • Xoops\Core\Lists\Time
  • Xoops\Core\Lists\TimeZone
  • Xoops\Core\Locale\LegacyCodes
  • Xoops\Core\Locale\Punic\Calendar
  • Xoops\Core\Locale\Time
  • Xoops\Core\Logger
  • Xoops\Core\MediaUploader
  • Xoops\Core\MimeTypes
  • Xoops\Core\PreloadItem
  • Xoops\Core\Psr0ClassLoader
  • Xoops\Core\Psr4ClassLoader
  • Xoops\Core\Random
  • Xoops\Core\Registry
  • Xoops\Core\Request
  • Xoops\Core\Security
  • Xoops\Core\Service\AbstractContract
  • Xoops\Core\Service\Manager
  • Xoops\Core\Service\NullProvider
  • Xoops\Core\Service\Provider
  • Xoops\Core\Service\Response
  • Xoops\Core\Session\Fingerprint
  • Xoops\Core\Session\Handler
  • Xoops\Core\Session\Manager
  • Xoops\Core\Session\RememberMe
  • Xoops\Core\Session\SessionUser
  • Xoops\Core\Text\Sanitizer
  • Xoops\Core\Text\Sanitizer\Configuration
  • Xoops\Core\Text\Sanitizer\ConfigurationAbstract
  • Xoops\Core\Text\Sanitizer\DefaultConfiguration
  • Xoops\Core\Text\Sanitizer\ExtensionAbstract
  • Xoops\Core\Text\Sanitizer\Extensions\Censor
  • Xoops\Core\Text\Sanitizer\Extensions\Clickable
  • Xoops\Core\Text\Sanitizer\Extensions\Embed
  • Xoops\Core\Text\Sanitizer\Extensions\Flash
  • Xoops\Core\Text\Sanitizer\Extensions\Iframe
  • Xoops\Core\Text\Sanitizer\Extensions\Image
  • Xoops\Core\Text\Sanitizer\Extensions\Mms
  • Xoops\Core\Text\Sanitizer\Extensions\Mp3
  • Xoops\Core\Text\Sanitizer\Extensions\Quote
  • Xoops\Core\Text\Sanitizer\Extensions\Rtsp
  • Xoops\Core\Text\Sanitizer\Extensions\SoundCloud
  • Xoops\Core\Text\Sanitizer\Extensions\SyntaxHighlight
  • Xoops\Core\Text\Sanitizer\Extensions\TextFilter
  • Xoops\Core\Text\Sanitizer\Extensions\UnorderedList
  • Xoops\Core\Text\Sanitizer\Extensions\Wiki
  • Xoops\Core\Text\Sanitizer\Extensions\Wmp
  • Xoops\Core\Text\Sanitizer\Extensions\XoopsCode
  • Xoops\Core\Text\Sanitizer\Extensions\Xss
  • Xoops\Core\Text\Sanitizer\Extensions\YouTube
  • Xoops\Core\Text\Sanitizer\FilterAbstract
  • Xoops\Core\Text\Sanitizer\NullExtension
  • Xoops\Core\Text\Sanitizer\NullFilter
  • Xoops\Core\Text\Sanitizer\SanitizerComponent
  • Xoops\Core\Text\Sanitizer\SanitizerConfigurable
  • Xoops\Core\Text\ShortCodes
  • Xoops\Core\Theme\AdminFactory
  • Xoops\Core\Theme\Factory
  • Xoops\Core\Theme\NullTheme
  • Xoops\Core\Theme\PluginAbstract
  • Xoops\Core\Theme\Plugins\Blocks
  • Xoops\Core\Theme\XoopsTheme
  • Xoops\Core\XoopsTpl
  • Xoops\Core\Yaml
  • Xoops\Form\BlockForm
  • Xoops\Form\Button
  • Xoops\Form\ButtonTray
  • Xoops\Form\Captcha
  • Xoops\Form\Checkbox
  • Xoops\Form\ColorPicker
  • Xoops\Form\DateSelect
  • Xoops\Form\DateTime
  • Xoops\Form\DhtmlTextArea
  • Xoops\Form\Editor
  • Xoops\Form\Element
  • Xoops\Form\ElementFactory
  • Xoops\Form\ElementTray
  • Xoops\Form\File
  • Xoops\Form\Form
  • Xoops\Form\GroupCheckbox
  • Xoops\Form\GroupFormCheckbox
  • Xoops\Form\GroupPermissionForm
  • Xoops\Form\Hidden
  • Xoops\Form\Label
  • Xoops\Form\Mail
  • Xoops\Form\OptionElement
  • Xoops\Form\Password
  • Xoops\Form\Radio
  • Xoops\Form\RadioYesNo
  • Xoops\Form\Raw
  • Xoops\Form\Select
  • Xoops\Form\SelectCountry
  • Xoops\Form\SelectEditor
  • Xoops\Form\SelectGroup
  • Xoops\Form\SelectLanguage
  • Xoops\Form\SelectLocale
  • Xoops\Form\SelectMatchOption
  • Xoops\Form\SelectTheme
  • Xoops\Form\SelectTimeZone
  • Xoops\Form\SelectUser
  • Xoops\Form\SimpleForm
  • Xoops\Form\Tab
  • Xoops\Form\TableForm
  • Xoops\Form\TabTray
  • Xoops\Form\Text
  • Xoops\Form\TextArea
  • Xoops\Form\ThemeForm
  • Xoops\Form\Token
  • Xoops\Form\Url
  • Xoops\Html\Attributes
  • Xoops\Html\Img
  • Xoops\Locale
  • Xoops\Locale\AbstractLocale
  • Xoops\Module\Admin
  • Xoops\Module\Helper
  • Xoops\Module\Helper\Dummy
  • Xoops\Module\Helper\HelperAbstract
  • Xoops\Module\Plugin
  • Xoops\Module\Plugin\ConfigCollector
  • Xoops\Module\Plugin\PluginAbstract
  • Xoops\Utils
  • Xoops_Locale_Mailer_Abstract
  • XoopsAdminThemeFactory
  • XoopsApi
  • XoopsArt
  • XoopsBaseConfig
  • XoopsBlock
  • XoopsBlockHandler
  • XoopsBlockmodulelink
  • XoopsBlockmodulelinkHandler
  • XoopsCache
  • XoopsCaptcha
  • XoopsCaptchaImage
  • XoopsCaptchaImageHandler
  • XoopsCaptchaMethod
  • XoopsCaptchaRecaptcha
  • XoopsCaptchaText
  • XoopsConfigHandler
  • XoopsConfigItem
  • XoopsConfigItemHandler
  • XoopsConfigOption
  • XoopsConfigOptionHandler
  • XoopsDatabase
  • XoopsDatabaseFactory
  • XoopsDatabaseManager
  • XoopsDownloader
  • XoopsEditor
  • XoopsEditorHandler
  • XoopsFile
  • XoopsFileHandler
  • XoopsFilterInput
  • XoopsFolderHandler
  • XoopsForm
  • XoopsFormButton
  • XoopsFormButtonTray
  • XoopsFormCaptcha
  • XoopsFormCheckBox
  • XoopsFormColorPicker
  • XoopsFormDateTime
  • XoopsFormDhtmlTextArea
  • XoopsFormEditor
  • XoopsFormElement
  • XoopsFormElementTray
  • XoopsFormFile
  • XoopsFormHidden
  • XoopsFormHiddenToken
  • XoopsFormLabel
  • XoopsFormPassword
  • XoopsFormRadio
  • XoopsFormRadioYN
  • XoopsFormSelect
  • XoopsFormSelectCheckGroup
  • XoopsFormSelectCountry
  • XoopsFormSelectEditor
  • XoopsFormSelectGroup
  • XoopsFormSelectLang
  • XoopsFormSelectMatchOption
  • XoopsFormSelectTheme
  • XoopsFormSelectTimezone
  • XoopsFormSelectUser
  • XoopsFormText
  • XoopsFormTextArea
  • XoopsFormTextDateSelect
  • XoopsFormTinymce
  • XoopsFormTinymce4
  • XoopsGroup
  • XoopsGroupHandler
  • XoopsGroupPerm
  • XoopsGroupPermForm
  • XoopsGroupPermHandler
  • XoopsGTicket
  • XoopsGuiDefault
  • XoopsInstallWizard
  • XoopsLists
  • XoopsLoad
  • XoopsLocal
  • XoopsLocale
  • XoopsLocaleEn_US
  • XoopsLogger
  • XoopsMailer
  • XoopsMailerLocal
  • XoopsMailerLocale
  • XoopsMediaUploader
  • XoopsMemberHandler
  • XoopsMembership
  • XoopsMembershipHandler
  • XoopsModule
  • XoopsModuleHandler
  • XoopsMultiMailer
  • XoopsMySQLDatabase
  • XoopsMySQLDatabaseProxy
  • XoopsMySQLDatabaseSafe
  • XoopsObject
  • XoopsObjectHandler
  • XoopsObjectTree
  • XoopsOnline
  • XoopsOnlineHandler
  • XoopsPageNav
  • XoopsPathController
  • XoopsPersistableObjectHandler
  • XoopsPreload
  • XoopsPreloadItem
  • XoopsPrivmessage
  • XoopsPrivmessageHandler
  • XoopsRequest
  • XoopsSecurity
  • XoopsSimpleForm
  • XoopsTableForm
  • XoopsTarDownloader
  • XoopsTheme
  • XoopsThemeBlocksPlugin
  • XoopsThemeFactory
  • XoopsThemeForm
  • XoopsThemePlugin
  • XoopsThemeSetParser
  • XoopsTpl
  • XoopsTplfile
  • XoopsTplfileHandler
  • XoopsTplset
  • XoopsTplsetHandler
  • XoopsUser
  • XoopsUserHandler
  • XoopsUserUtility
  • XoopsUtility
  • XoopsXmlRpcApi
  • XoopsXmlRpcArray
  • XoopsXmlRpcBase64
  • XoopsXmlRpcBoolean
  • XoopsXmlRpcDatetime
  • XoopsXmlRpcDocument
  • XoopsXmlRpcDouble
  • XoopsXmlRpcFault
  • XoopsXmlRpcInt
  • XoopsXmlRpcParser
  • XoopsXmlRpcRequest
  • XoopsXmlRpcResponse
  • XoopsXmlRpcString
  • XoopsXmlRpcStruct
  • XoopsXmlRpcTag
  • XoopsXmlRss2Parser
  • XoopsZipDownloader
  • zipfile

Interfaces

  • CommentsPluginInterface
  • MenusDecoratorInterface
  • MenusPluginInterface
  • NotificationsPluginInterface
  • SearchPluginInterface
  • SystemPluginInterface
  • UserconfigsPluginInterface
  • Xoops\Core\AttributeInterface
  • Xoops\Core\Handler\Scheme\SchemeInterface
  • Xoops\Core\Service\Contract\AvatarInterface
  • Xoops\Core\Service\Contract\CountryflagInterface
  • Xoops\Core\Service\Contract\EmojiInterface
  • Xoops\Core\Service\Contract\HtmlToPdfInterface
  • Xoops\Core\Service\Contract\QrcodeInterface
  • Xoops\Core\Service\Contract\ThumbnailInterface
  • Xoops\Core\Service\Contract\UserRankInterface
  • Xoops\Core\Session\FingerprintInterface
  • Xoops\Form\ContainerInterface

Exceptions

  • Xoops\Core\Exception\InvalidHandlerSpecException
  • Xoops\Core\Exception\NoHandlerException

Functions

  • _changeMimeValue
  • _clearAddSessionVars
  • _clearEditSessionVars
  • _ee
  • _recaptcha_aes_encrypt
  • _recaptcha_aes_pad
  • _recaptcha_http_post
  • _recaptcha_mailhide_email_parts
  • _recaptcha_mailhide_urlbase64
  • _recaptcha_qsencode
  • _tt
  • add
  • addCriteria
  • admin_refcheck
  • b_comments_edit
  • b_comments_show
  • b_notification_show
  • b_search_show
  • b_system_info_edit
  • b_system_info_show
  • b_system_login_show
  • b_system_main_edit
  • b_system_main_show
  • b_system_newmembers_edit
  • b_system_newmembers_show
  • b_system_online_show
  • b_system_themes_edit
  • b_system_themes_show
  • b_system_topposters_edit
  • b_system_topposters_show
  • b_system_user_show
  • b_system_waiting_show
  • b_xlanguage_select_edit
  • b_xlanguage_select_show
  • banners_blocks_edit
  • banners_blocks_show
  • base_url
  • buildRssFeedCache
  • buildTable
  • check_files_extensions_on_path
  • check_files_extensions_on_phar
  • checkEmail
  • clearAddSession
  • clearEditSession
  • config_loading
  • create_folder
  • create_img
  • create_img_gd
  • createConfigform
  • createDir
  • createThemeform
  • dateSort
  • debugger
  • delete
  • deleteDir
  • duplicate_file
  • edit
  • endsWith
  • exception_handler
  • extensionSort
  • file_put_contents
  • filenameSort
  • filescount
  • fix_dirname
  • fix_filename
  • fix_get_params
  • fix_path
  • fix_strtolower
  • fix_strtoupper
  • foldersize
  • formatTimestamp
  • formatURL
  • genPathCheckHtml
  • get_file_by_url
  • get_writeoks_from_protector
  • getBrightness
  • getDbConnection
  • getDbConnectionParams
  • getDirList
  • handle_uploaded_files
  • http_response_code
  • image_check_memory_usage
  • install_acceptUser
  • install_finalize
  • installHtmlSpecialCharacters
  • is_function_callable
  • is_really_writable
  • load_functions
  • load_object
  • load_objectHandler
  • loadModuleAdminMenu
  • makeSize
  • manage
  • menus_block_edit
  • menus_block_show
  • menus_mainmenu_show
  • mod_clearCacheFile
  • mod_clearConfg
  • mod_clearConfig
  • mod_clearFile
  • mod_clearSmartyCache
  • mod_constant
  • mod_createCacheFile
  • mod_createCacheFile_byGroup
  • mod_createFile
  • mod_DB_prefix
  • mod_fetchConfg
  • mod_fetchConfig
  • mod_generateCacheId
  • mod_generateCacheId_byGroup
  • mod_getDirname
  • mod_getMysqlVersion
  • mod_isModuleAction
  • mod_loadCacheFile
  • mod_loadCacheFile_byGroup
  • mod_loadConfg
  • mod_loadConfig
  • mod_loadFile
  • mod_loadFunctions
  • mod_loadRenderer
  • mod_message
  • modify_chmod
  • new_thumbnails_creation
  • normalizeColor
  • page_blocks_edit
  • page_blocks_show
  • profile_getRegisterForm
  • profile_getUserForm
  • profile_install_addCategory
  • profile_install_addField
  • profile_install_addStep
  • profile_install_initializeProfiles
  • profile_install_setPermissions
  • protector_ip_cmp
  • protector_postcheck
  • protector_precheck
  • publisher_category_items_sel_edit
  • publisher_category_items_sel_show
  • publisher_cloneFileFolder
  • publisher_createLogo
  • publisher_date_to_date_edit
  • publisher_date_to_date_show
  • publisher_displayCategory
  • publisher_editCat
  • publisher_editFile
  • publisher_editItem
  • publisher_items_columns_edit
  • publisher_items_columns_show
  • publisher_items_menu_edit
  • publisher_items_menu_show
  • publisher_items_new_edit
  • publisher_items_new_show
  • publisher_items_random_item_show
  • publisher_items_recent_edit
  • publisher_items_recent_show
  • publisher_items_spot_edit
  • publisher_items_spot_show
  • publisher_latest_files_edit
  • publisher_latest_files_show
  • publisher_latest_news_edit
  • publisher_latest_news_show
  • publisher_mk_chkbox
  • publisher_mk_select
  • publisher_pagewrap_upload
  • publisher_search
  • publisher_search_show
  • publisher_tag_iteminfo
  • publisher_tag_synchronization
  • rcopy
  • recaptcha_check_answer
  • recaptcha_get_html
  • recaptcha_get_signup_url
  • recaptcha_mailhide_html
  • recaptcha_mailhide_url
  • redirect_header
  • rename_file
  • rename_folder
  • rrename
  • rrename_after_cleaner
  • search
  • sizeSort
  • smarty_block_assets
  • smarty_block_noshortcodes
  • smarty_compiler_xoAdminIcons
  • smarty_compiler_xoAdminNav
  • smarty_compiler_xoAppUrl
  • smarty_compiler_xoImgUrl
  • smarty_compiler_xoModuleIcons16
  • smarty_compiler_xoModuleIcons32
  • smarty_compiler_xoModuleIconsBookmarks
  • smarty_function_addBaseScript
  • smarty_function_addBaseStylesheet
  • smarty_function_securityToken
  • smarty_function_thumbnail
  • smarty_function_translate
  • smarty_function_translateTheme
  • smarty_function_xoblock
  • smarty_function_xoInboxCount
  • smarty_function_xoMemberInfo
  • smarty_function_xoops_link
  • smarty_function_xoPageNav
  • smarty_modifier_datetime
  • smarty_modifier_debug_print_var
  • smarty_outputfilter_shortcodes
  • synchronize
  • system_AdminIcons
  • system_adminVersion
  • system_cleanVars
  • system_loadLanguage
  • system_loadTemplate
  • updateMimeValue
  • userTimeToServerTime
  • xhtmlspecialchars
  • xlanguage_convert_encoding
  • xlanguage_convert_item
  • xlanguage_copyfile
  • xlanguage_detectLang
  • xlanguage_encoding
  • xlanguage_lang_detect
  • xlanguage_mkdirs
  • xlanguage_ml
  • xlanguage_ml_escape_bracket
  • xlanguage_select_show
  • xoBoolField
  • xoDiag
  • xoDiagBoolSetting
  • xoDiagIfWritable
  • xoFormField
  • xoops_comment_count
  • xoops_comment_delete
  • xoops_confirm
  • xoops_convert_encoding
  • xoops_cp_footer
  • xoops_cp_header
  • xoops_error
  • xoops_footer
  • xoops_getActiveModules
  • xoops_getbanner
  • xoops_getBaseDomain
  • xoops_getConfigOption
  • xoops_getcss
  • xoops_getenv
  • xoops_getHandler
  • xoops_getMailer
  • xoops_getModuleHandler
  • xoops_getModuleOption
  • xoops_getOption
  • xoops_getrank
  • xoops_getUrlDomain
  • xoops_getUserTimestamp
  • xoops_groupperm_deletebymoditem
  • xoops_header
  • xoops_isActiveModule
  • xoops_load
  • xoops_loadLanguage
  • xoops_makepass
  • xoops_message
  • xoops_module_install_avatars
  • xoops_module_install_banners
  • xoops_module_install_comments
  • xoops_module_install_debugbar
  • xoops_module_install_notifications
  • xoops_module_install_page
  • xoops_module_install_pm
  • xoops_module_install_profile
  • xoops_module_install_publisher
  • xoops_module_install_smilies
  • xoops_module_install_system
  • xoops_module_install_userrank
  • xoops_module_install_xlanguage
  • xoops_module_pre_uninstall_comments
  • xoops_module_pre_uninstall_notifications
  • xoops_module_update_comments
  • xoops_module_update_debugbar
  • xoops_module_update_notifications
  • xoops_module_update_pm
  • xoops_module_update_profile
  • xoops_module_update_publisher
  • xoops_module_update_search
  • xoops_module_update_system
  • xoops_module_update_xlanguage
  • xoops_notification_deletebyitem
  • xoops_notification_deletebymodule
  • xoops_notification_deletebyuser
  • xoops_result
  • xoops_setActiveModules
  • xoops_setConfigOption
  • xoops_substr
  • xoops_template_clear_module_cache
  • xoops_template_touch
  • xoops_trim
  • xoops_utf8_encode
  • xoopseditor_get_rootpath
  • xoPassField
  • xoPhpVersion
  • Overview
  • Namespace
  • Class
  • Tree
   1: <?php
   2: /*
   3:  You may not change or alter any portion of this comment or credits
   4:  of supporting developers from this source code or any supporting source code
   5:  which is considered copyrighted (c) material of the original comment or credit authors.
   6: 
   7:  This program is distributed in the hope that it will be useful,
   8:  but WITHOUT ANY WARRANTY; without even the implied warranty of
   9:  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10: */
  11: 
  12: /**
  13:  * Protector
  14:  *
  15:  * @copyright       XOOPS Project (http://xoops.org)
  16:  * @license         GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
  17:  * @package         protector
  18:  * @author          trabis <lusopoemas@gmail.com>
  19:  * @version         $Id$
  20:  */
  21: 
  22: class Protector
  23: {
  24:     var $mydirname;
  25: 
  26:     var $_conn = null;
  27: 
  28:     var $_conf = array();
  29: 
  30:     var $_conf_serialized = '';
  31: 
  32:     var $_bad_globals = array();
  33: 
  34:     var $message = '';
  35: 
  36:     var $warning = false;
  37: 
  38:     var $error = false;
  39: 
  40:     var $_doubtful_requests = array();
  41: 
  42:     var $_bigumbrella_doubtfuls = array();
  43: 
  44:     var $_dblayertrap_doubtfuls = array();
  45: 
  46:     var $_dblayertrap_doubtful_needles = array(
  47:         'information_schema', 'select', "'", '"',
  48:     );
  49: 
  50:     var $_logged = false;
  51: 
  52:     var $_done_badext = false;
  53: 
  54:     var $_done_intval = false;
  55: 
  56:     var $_done_dotdot = false;
  57: 
  58:     var $_done_nullbyte = false;
  59: 
  60:     var $_done_contami = false;
  61: 
  62:     var $_done_isocom = false;
  63: 
  64:     var $_done_union = false;
  65: 
  66:     var $_done_dos = false;
  67: 
  68:     var $_safe_badext = true;
  69: 
  70:     var $_safe_contami = true;
  71: 
  72:     var $_safe_isocom = true;
  73: 
  74:     var $_safe_union = true;
  75: 
  76:     var $_spamcount_uri = 0;
  77: 
  78:     var $_should_be_banned_time0 = false;
  79: 
  80:     var $_should_be_banned = false;
  81: 
  82:     var $_dos_stage = null;
  83: 
  84:     var $ip_matched_info = null;
  85: 
  86:     var $last_error_type = 'UNKNOWN';
  87: 
  88:     // Constructor
  89:     function __construct()
  90:     {
  91:         $this->mydirname = 'protector';
  92: 
  93:         // Preferences from configs/cache
  94:         $this->_conf_serialized = @file_get_contents($this->get_filepath4confighcache());
  95:         $this->_conf = @unserialize($this->_conf_serialized);
  96:         if (empty($this->_conf)) {
  97:             $this->_conf = array();
  98:         }
  99: 
 100:         if (!empty($this->_conf['global_disabled'])) {
 101:             return true;
 102:         }
 103: 
 104:         // die if PHP_SELF XSS found (disabled in 2.53)
 105:         //  if( preg_match( '/[<>\'";\n ]/' , @$_SERVER['PHP_SELF'] ) ) {
 106:         //      $this->message .= "Invalid PHP_SELF '{$_SERVER['PHP_SELF']}' found.\n" ;
 107:         //      $this->output_log( 'PHP_SELF XSS' ) ;
 108:         //      die( 'invalid PHP_SELF' ) ;
 109:         //  }
 110: 
 111:         // sanitize against PHP_SELF/PATH_INFO XSS (disabled in 3.33)
 112:         //  $_SERVER['PHP_SELF'] = strtr( @$_SERVER['PHP_SELF'] , array( '<' => '%3C' , '>' => '%3E' , "'" => '%27' , '"' => '%22' ) ) ;
 113:         //  if( ! empty( $_SERVER['PATH_INFO'] ) ) $_SERVER['PATH_INFO'] = strtr( @$_SERVER['PATH_INFO'] , array( '<' => '%3C' , '>' => '%3E' , "'" => '%27' , '"' => '%22' ) ) ;
 114: 
 115:         $this->_bad_globals = array(
 116:             'GLOBALS', '_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS', '_POST', 'HTTP_POST_VARS', '_COOKIE',
 117:             'HTTP_COOKIE_VARS', '_SERVER', 'HTTP_SERVER_VARS', '_REQUEST', '_ENV', '_FILES', 'xoopsDB', 'xoopsUser',
 118:             'xoopsUserId', 'xoopsUserGroups', 'xoopsUserIsAdmin', 'xoopsConfig', 'xoopsOption', 'xoopsModule',
 119:             'xoopsModuleConfig'
 120:         );
 121: 
 122:         $this->_initial_recursive($_GET, 'G');
 123:         $this->_initial_recursive($_POST, 'P');
 124:         $this->_initial_recursive($_COOKIE, 'C');
 125:         return true;
 126:     }
 127: 
 128:     /**
 129:      * @param string $key
 130:      */
 131:     function _initial_recursive($val, $key)
 132:     {
 133:         if (is_array($val)) {
 134:             foreach ($val as $subkey => $subval) {
 135:                 // check bad globals
 136:                 if (in_array($subkey, $this->_bad_globals, true)) {
 137:                     $this->message .= "Attempt to inject '$subkey' was found.\n";
 138:                     $this->_safe_contami = false;
 139:                     $this->last_error_type = 'CONTAMI';
 140:                 }
 141:                 $this->_initial_recursive($subval, $key . '_' . base64_encode($subkey));
 142:             }
 143:         } else {
 144:             // check nullbyte attack
 145:             if (@$this->_conf['san_nullbyte'] && strstr($val, chr(0))) {
 146:                 $val = str_replace(chr(0), ' ', $val);
 147:                 $this->replace_doubtful($key, $val);
 148:                 $this->message .= "Injecting Null-byte '$val' found.\n";
 149:                 $this->output_log('NullByte', 0, false, 32);
 150:                 // $this->purge() ;
 151:             }
 152: 
 153:             // register as doubtful requests against SQL Injections
 154:             if (preg_match('?[\s\'"`/]?', $val)) {
 155:                 $this->_doubtful_requests["$key"] = $val;
 156:             }
 157:         }
 158:     }
 159: 
 160:     static public function &getInstance()
 161:     {
 162:         static $instance;
 163:         if (!isset($instance)) {
 164:             $instance = new Protector();
 165:         }
 166:         return $instance;
 167:     }
 168: 
 169:     function updateConfFromDb()
 170:     {
 171:         if (empty($this->_conn)) {
 172:             return false;
 173:         }
 174: 
 175:         $result = @mysql_query("SELECT conf_name,conf_value FROM " . \XoopsBaseConfig::get('db-prefix') . "_config WHERE conf_title like '" . "_MI_PROTECTOR%'", $this->_conn);
 176:         if (!$result || mysql_num_rows($result) < 5) {
 177:             return false;
 178:         }
 179:         $db_conf = array();
 180:         while (list($key, $val) = mysql_fetch_row($result)) {
 181:             $db_conf[$key] = $val;
 182:         }
 183:         $db_conf_serialized = serialize($db_conf);
 184: 
 185:         // update config cache
 186:         if ($db_conf_serialized != $this->_conf_serialized) {
 187:             $fp = fopen($this->get_filepath4confighcache(), 'w');
 188:             fwrite($fp, $db_conf_serialized);
 189:             fclose($fp);
 190:             $this->_conf = $db_conf;
 191:         }
 192:         return true;
 193:     }
 194: 
 195:     function setConn($conn)
 196:     {
 197:         $this->_conn = $conn;
 198:     }
 199: 
 200:     function getConf()
 201:     {
 202:         return $this->_conf;
 203:     }
 204: 
 205:     function purge($redirect_to_top = false)
 206:     {
 207:         // clear all session values
 208:         if (isset($_SESSION)) {
 209:             foreach ($_SESSION as $key => $val) {
 210:                 $_SESSION[$key] = '';
 211:                 if (isset($GLOBALS[$key])) {
 212:                     $GLOBALS[$key] = '';
 213:                 }
 214:             }
 215:         }
 216: 
 217:         if (!headers_sent()) {
 218:             // clear typical session id of PHP
 219:             setcookie('PHPSESSID', '', time() - 3600, '/', '', 0);
 220:             if (isset($_COOKIE[session_name()])) {
 221:                 setcookie(session_name(), '', time() - 3600, '/', '', 0);
 222:             }
 223: 
 224:             // clear autologin cookie
 225:             $xoops_cookie_path = defined('XOOPS_COOKIE_PATH') ? XOOPS_COOKIE_PATH : preg_replace('?http://[^/]+(/.*)$?', "$1", XOOPS_URL);
 226:             if ($xoops_cookie_path == \XoopsBaseConfig::get('url')) {
 227:                 $xoops_cookie_path = '/';
 228:             }
 229:             setcookie('autologin_uname', '', time() - 3600, $xoops_cookie_path, '', 0);
 230:             setcookie('autologin_pass', '', time() - 3600, $xoops_cookie_path, '', 0);
 231:         }
 232: 
 233:         if ($redirect_to_top) {
 234:             header('Location: ' . \XoopsBaseConfig::get('url') . '/');
 235:             exit;
 236:         } else {
 237:             $ret = $this->call_filter('prepurge_exit');
 238:             if ($ret == false) {
 239:                 die('Protector detects attacking actions');
 240:             }
 241:         }
 242:     }
 243: 
 244:     function output_log($type = 'UNKNOWN', $uid = 0, $unique_check = false, $level = 1)
 245:     {
 246:         if ($this->_logged) {
 247:             return true;
 248:         }
 249: 
 250:         if (!($this->_conf['log_level'] & $level)) {
 251:             return true;
 252:         }
 253: 
 254:         if (empty($this->_conn)) {
 255:             $this->_conn = @mysql_connect(\XoopsBaseConfig::get('db-host'), \XoopsBaseConfig::get('db-user'), \XoopsBaseConfig::get('db-pass'));
 256:             if (!$this->_conn) {
 257:                 die('db connection failed.');
 258:             }
 259:             if (!mysql_select_db(\XoopsBaseConfig::get('db-name'), $this->_conn)) {
 260:                 die('db selection failed.');
 261:             }
 262:         }
 263: 
 264:         $ip = @$_SERVER['REMOTE_ADDR'];
 265:         $agent = @$_SERVER['HTTP_USER_AGENT'];
 266: 
 267:         if ($unique_check) {
 268:             $result = mysql_query('SELECT ip,type FROM ' . \XoopsBaseConfig::get('db-prefix') . '_' . $this->mydirname . '_log ORDER BY timestamp DESC LIMIT 1', $this->_conn);
 269:             list($last_ip, $last_type) = mysql_fetch_row($result);
 270:             if ($last_ip == $ip && $last_type == $type) {
 271:                 $this->_logged = true;
 272:                 return true;
 273:             }
 274:         }
 275: 
 276:         mysql_query("INSERT INTO " . XOOPS_DB_PREFIX . "_" . $this->mydirname . "_log SET ip='" . addslashes($ip) . "',agent='" . addslashes($agent) . "',type='" . addslashes($type) . "',description='" . addslashes($this->message) . "',uid='" . (int)($uid) . "',timestamp=NOW()", $this->_conn);
 277:         $this->_logged = true;
 278:         return true;
 279:     }
 280: 
 281:     /**
 282:      * @param integer $expire
 283:      */
 284:     function write_file_bwlimit($expire)
 285:     {
 286:         $expire = min((int)($expire), time() + 300);
 287: 
 288:         $fp = @fopen($this->get_filepath4bwlimit(), 'w');
 289:         if ($fp) {
 290:             @flock($fp, LOCK_EX);
 291:             fwrite($fp, $expire . "\n");
 292:             @flock($fp, LOCK_UN);
 293:             fclose($fp);
 294:             return true;
 295:         } else {
 296:             return false;
 297:         }
 298:     }
 299: 
 300:     function get_bwlimit()
 301:     {
 302:         list($expire) = @file(Protector::get_filepath4bwlimit());
 303:         $expire = min((int)($expire), time() + 300);
 304: 
 305:         return $expire;
 306:     }
 307: 
 308:     function get_filepath4bwlimit()
 309:     {
 310:         return \XoopsBaseConfig::get('trust-path') . '/modules/protector/configs/bwlimit' . substr(md5(\XoopsBaseConfig::get('root-path') . \XoopsBaseConfig::get('db-user') . \XoopsBaseConfig::get('db-prefix')), 0, 6);
 311:     }
 312: 
 313:     function write_file_badips($bad_ips)
 314:     {
 315:         asort($bad_ips);
 316: 
 317:         $fp = @fopen($this->get_filepath4badips(), 'w');
 318:         if ($fp) {
 319:             @flock($fp, LOCK_EX);
 320:             fwrite($fp, serialize($bad_ips) . "\n");
 321:             @flock($fp, LOCK_UN);
 322:             fclose($fp);
 323:             return true;
 324:         } else {
 325:             return false;
 326:         }
 327:     }
 328: 
 329:     function register_bad_ips($jailed_time = 0, $ip = null)
 330:     {
 331:         if (empty($ip)) {
 332:             $ip = @$_SERVER['REMOTE_ADDR'];
 333:         }
 334:         if (empty($ip)) {
 335:             return false;
 336:         }
 337: 
 338:         $bad_ips = $this->get_bad_ips(true);
 339:         $bad_ips[$ip] = $jailed_time ? $jailed_time : 0x7fffffff;
 340: 
 341:         return $this->write_file_badips($bad_ips);
 342:     }
 343: 
 344:     function get_bad_ips($with_jailed_time = false)
 345:     {
 346:         list($bad_ips_serialized) = @file(Protector::get_filepath4badips());
 347:         $bad_ips = empty($bad_ips_serialized) ? array() : @unserialize($bad_ips_serialized);
 348:         if (!is_array($bad_ips) || isset($bad_ips[0])) {
 349:             $bad_ips = array();
 350:         }
 351: 
 352:         // expire jailed_time
 353:         $pos = 0;
 354:         foreach ($bad_ips as $bad_ip => $jailed_time) {
 355:             if ($jailed_time >= time()) {
 356:                 break;
 357:             }
 358:             ++$pos;
 359:         }
 360:         $bad_ips = array_slice($bad_ips, $pos);
 361: 
 362:         if ($with_jailed_time) {
 363:             return $bad_ips;
 364:         } else {
 365:             return array_keys($bad_ips);
 366:         }
 367:     }
 368: 
 369:     function get_filepath4badips()
 370:     {
 371:         return \XoopsBaseConfig::get('root-path') . '/modules/protector/configs/badips' . substr(md5(\XoopsBaseConfig::get('root-path') . \XoopsBaseConfig::get('db-user') . \XoopsBaseConfig::get('db-prefix')), 0, 6);
 372:     }
 373: 
 374:     function get_group1_ips($with_info = false)
 375:     {
 376:         list($group1_ips_serialized) = @file(Protector::get_filepath4group1ips());
 377:         $group1_ips = empty($group1_ips_serialized) ? array() : @unserialize($group1_ips_serialized);
 378:         if (!is_array($group1_ips)) {
 379:             $group1_ips = array();
 380:         }
 381: 
 382:         if ($with_info) {
 383:             $group1_ips = array_flip($group1_ips);
 384:         }
 385: 
 386:         return $group1_ips;
 387:     }
 388: 
 389:     function get_filepath4group1ips()
 390:     {
 391:         return \XoopsBaseConfig::get('var-path') . '/configs/protector_group1ips_' . substr(md5(\XoopsBaseConfig::get('root-path') . \XoopsBaseConfig::get('db-user') . \XoopsBaseConfig::get('db-prefix')), 0, 6);
 392:     }
 393: 
 394:     function get_filepath4confighcache()
 395:     {
 396:         return XOOPS_VAR_PATH . '/configs/protector_configcache_' . substr(md5(XOOPS_ROOT_PATH . XOOPS_DB_USER . XOOPS_DB_PREFIX), 0, 6);
 397:     }
 398: 
 399:     function ip_match($ips)
 400:     {
 401:         foreach ($ips as $ip => $info) {
 402:             if ($ip) {
 403:                 switch (substr($ip, -1)) {
 404:                     case '.' :
 405:                         // foward match
 406:                         if (substr(@$_SERVER['REMOTE_ADDR'], 0, strlen($ip)) == $ip) {
 407:                             $this->ip_matched_info = $info;
 408:                             return true;
 409:                         }
 410:                         break;
 411:                     case '0' :
 412:                     case '1' :
 413:                     case '2' :
 414:                     case '3' :
 415:                     case '4' :
 416:                     case '5' :
 417:                     case '6' :
 418:                     case '7' :
 419:                     case '8' :
 420:                     case '9' :
 421:                         // full match
 422:                         if (@$_SERVER['REMOTE_ADDR'] == $ip) {
 423:                             $this->ip_matched_info = $info;
 424:                             return true;
 425:                         }
 426:                         break;
 427:                     default :
 428:                         // perl regex
 429:                         if (@preg_match($ip, @$_SERVER['REMOTE_ADDR'])) {
 430:                             $this->ip_matched_info = $info;
 431:                             return true;
 432:                         }
 433:                         break;
 434:                 }
 435:             }
 436:         }
 437:         $this->ip_matched_info = null;
 438:         return false;
 439:     }
 440: 
 441:     function deny_by_htaccess($ip = null)
 442:     {
 443:         if (empty($ip)) {
 444:             $ip = @$_SERVER['REMOTE_ADDR'];
 445:         }
 446:         if (empty($ip)) {
 447:             return false;
 448:         }
 449:         if (!function_exists('file_get_contents')) {
 450:             return false;
 451:         }
 452: 
 453:         $target_htaccess = \XoopsBaseConfig::get('root-path') . '/.htaccess';
 454:         $backup_htaccess = \XoopsBaseConfig::get('root-path') . '/uploads/.htaccess.bak';
 455: 
 456:         $ht_body = file_get_contents($target_htaccess);
 457: 
 458:         // make backup as uploads/.htaccess.bak automatically
 459:         if ($ht_body && !XoopsLoad::fileExists($backup_htaccess)) {
 460:             $fw = fopen($backup_htaccess, "w");
 461:             fwrite($fw, $ht_body);
 462:             fclose($fw);
 463:         }
 464: 
 465:         // if .htaccess is broken, restore from backup
 466:         if (!$ht_body && XoopsLoad::fileExists($backup_htaccess)) {
 467:             $ht_body = file_get_contents($backup_htaccess);
 468:         }
 469: 
 470:         // new .htaccess
 471:         if ($ht_body === false) {
 472:             $ht_body = '';
 473:         }
 474: 
 475:         if (preg_match("/^(.*)#PROTECTOR#\s+(DENY FROM .*)\n#PROTECTOR#\n(.*)$/si", $ht_body, $regs)) {
 476:             if (substr($regs[2], -strlen($ip)) == $ip) {
 477:                 return true;
 478:             }
 479:             $new_ht_body = $regs[1] . "#PROTECTOR#\n" . $regs[2] . " $ip\n#PROTECTOR#\n" . $regs[3];
 480:         } else {
 481:             $new_ht_body = "#PROTECTOR#\nDENY FROM $ip\n#PROTECTOR#\n" . $ht_body;
 482:         }
 483: 
 484:         // error_log( "$new_ht_body\n" , 3 , "/tmp/error_log" ) ;
 485: 
 486:         $fw = fopen($target_htaccess, "w");
 487:         @flock($fw, LOCK_EX);
 488:         fwrite($fw, $new_ht_body);
 489:         @flock($fw, LOCK_UN);
 490:         fclose($fw);
 491: 
 492:         return true;
 493:     }
 494: 
 495:     function getDblayertrapDoubtfuls()
 496:     {
 497:         return $this->_dblayertrap_doubtfuls;
 498:     }
 499: 
 500:     function _dblayertrap_check_recursive($val)
 501:     {
 502:         if (is_array($val)) {
 503:             foreach ($val as $subval) {
 504:                 $this->_dblayertrap_check_recursive($subval);
 505:             }
 506:         } else {
 507:             if (strlen($val) < 6) {
 508:                 return;
 509:             }
 510:             $val = get_magic_quotes_gpc() ? stripslashes($val) : $val;
 511:             foreach ($this->_dblayertrap_doubtful_needles as $needle) {
 512:                 if (stristr($val, $needle)) {
 513:                     $this->_dblayertrap_doubtfuls[] = $val;
 514:                 }
 515:             }
 516:         }
 517:     }
 518: 
 519:     function dblayertrap_init($force_override = false)
 520:     {
 521:         if (!empty($GLOBALS['xoopsOption']['nocommon']) || defined('_LEGACY_PREVENT_EXEC_COMMON_') || defined('_LEGACY_PREVENT_LOAD_CORE_')) {
 522:             return;
 523:         } // skip
 524: 
 525:         $this->_dblayertrap_doubtfuls = array();
 526:         $this->_dblayertrap_check_recursive($_GET);
 527:         $this->_dblayertrap_check_recursive($_POST);
 528:         $this->_dblayertrap_check_recursive($_COOKIE);
 529:         if (empty($this->_conf['dblayertrap_wo_server'])) {
 530:             $this->_dblayertrap_check_recursive($_SERVER);
 531:         }
 532: 
 533:         if (!empty($this->_dblayertrap_doubtfuls) || $force_override) {
 534:             @define('XOOPS_DB_ALTERNATIVE', 'ProtectorMysqlDatabase');
 535:             require_once dirname(__DIR__) . '/class/ProtectorMysqlDatabase.class.php';
 536:         }
 537:     }
 538: 
 539:     function _bigumbrella_check_recursive($val)
 540:     {
 541:         if (is_array($val)) {
 542:             foreach ($val as $subval) {
 543:                 $this->_bigumbrella_check_recursive($subval);
 544:             }
 545:         } else {
 546:             if (preg_match('/[<\'"].{15}/s', $val, $regs)) {
 547:                 $this->_bigumbrella_doubtfuls[] = $regs[0];
 548:             }
 549:         }
 550:     }
 551: 
 552:     function bigumbrella_init()
 553:     {
 554:         $this->_bigumbrella_doubtfuls = array();
 555:         $this->_bigumbrella_check_recursive($_GET);
 556:         $this->_bigumbrella_check_recursive(@$_SERVER['PHP_SELF']);
 557: 
 558:         if (!empty($this->_bigumbrella_doubtfuls)) {
 559:             ob_start(array($this, 'bigumbrella_outputcheck'));
 560:         }
 561:     }
 562: 
 563:     function bigumbrella_outputcheck($s)
 564:     {
 565:         if (defined('BIGUMBRELLA_DISABLED')) {
 566:             return $s;
 567:         }
 568: 
 569:         if (function_exists('headers_list')) {
 570:             foreach (headers_list() as $header) {
 571:                 if (stristr($header, 'Content-Type:') && !stristr($header, 'text/html')) {
 572:                     return $s;
 573:                 }
 574:             }
 575:         }
 576: 
 577:         if (!is_array($this->_bigumbrella_doubtfuls)) {
 578:             return "bigumbrella injection found.";
 579:         }
 580: 
 581:         foreach ($this->_bigumbrella_doubtfuls as $doubtful) {
 582:             if (strstr($s, $doubtful)) {
 583:                 return "XSS found by Protector.";
 584:             }
 585:         }
 586:         return $s;
 587:     }
 588: 
 589:     function intval_allrequestsendid()
 590:     {
 591:         global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
 592: 
 593:         if ($this->_done_intval) {
 594:             return true;
 595:         } else {
 596:             $this->_done_intval = true;
 597:         }
 598: 
 599:         foreach ($_GET as $key => $val) {
 600:             if (substr($key, -2) === 'id' && !is_array($_GET[$key])) {
 601:                 $newval = preg_replace('/[^0-9a-zA-Z_-]/', '', $val);
 602:                 $_GET[$key] = $HTTP_GET_VARS[$key] = $newval;
 603:                 if ($_REQUEST[$key] == $_GET[$key]) {
 604:                     $_REQUEST[$key] = $newval;
 605:                 }
 606:             }
 607:         }
 608:         foreach ($_POST as $key => $val) {
 609:             if (substr($key, -2) === 'id' && !is_array($_POST[$key])) {
 610:                 $newval = preg_replace('/[^0-9a-zA-Z_-]/', '', $val);
 611:                 $_POST[$key] = $HTTP_POST_VARS[$key] = $newval;
 612:                 if ($_REQUEST[$key] == $_POST[$key]) {
 613:                     $_REQUEST[$key] = $newval;
 614:                 }
 615:             }
 616:         }
 617:         foreach ($_COOKIE as $key => $val) {
 618:             if (substr($key, -2) === 'id' && !is_array($_COOKIE[$key])) {
 619:                 $newval = preg_replace('/[^0-9a-zA-Z_-]/', '', $val);
 620:                 $_COOKIE[$key] = $HTTP_COOKIE_VARS[$key] = $newval;
 621:                 if ($_REQUEST[$key] == $_COOKIE[$key]) {
 622:                     $_REQUEST[$key] = $newval;
 623:                 }
 624:             }
 625:         }
 626: 
 627:         return true;
 628:     }
 629: 
 630:     function eliminate_dotdot()
 631:     {
 632:         global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
 633: 
 634:         if ($this->_done_dotdot) {
 635:             return true;
 636:         } else {
 637:             $this->_done_dotdot = true;
 638:         }
 639: 
 640:         foreach ($_GET as $key => $val) {
 641:             if (is_array($_GET[$key])) {
 642:                 continue;
 643:             }
 644:             if (substr(trim($val), 0, 3) === '../' || strstr($val, '../../')) {
 645:                 $this->last_error_type = 'DirTraversal';
 646:                 $this->message .= "Directory Traversal '$val' found.\n";
 647:                 $this->output_log($this->last_error_type, 0, false, 64);
 648:                 $sanitized_val = str_replace(chr(0), '', $val);
 649:                 if (substr($sanitized_val, -2) !== ' .') {
 650:                     $sanitized_val .= ' .';
 651:                 }
 652:                 $_GET[$key] = $HTTP_GET_VARS[$key] = $sanitized_val;
 653:                 if ($_REQUEST[$key] == $_GET[$key]) {
 654:                     $_REQUEST[$key] = $sanitized_val;
 655:                 }
 656:             }
 657:         }
 658:         /*  foreach( $_POST as $key => $val ) {
 659:           if( is_array( $_POST[ $key ] ) ) continue ;
 660:           if( substr( trim( $val ) , 0 , 3 ) == '../' || strstr( $val , '../../' ) ) {
 661:               $this->last_error_type = 'ParentDir' ;
 662:               $this->message .= "Doubtful file specification '$val' found.\n" ;
 663:               $this->output_log( $this->last_error_type , 0 , false , 128 ) ;
 664:               $sanitized_val = str_replace( chr(0) , '' , $val ) ;
 665:               if( substr( $sanitized_val , -2 ) != ' .' ) $sanitized_val .= ' .' ;
 666:               $_POST[ $key ] = $HTTP_POST_VARS[ $key ] = $sanitized_val ;
 667:               if( $_REQUEST[ $key ] == $_POST[ $key ] ){
 668:                   $_REQUEST[ $key ] = $sanitized_val ;
 669:               }
 670:           }
 671:       }
 672:       foreach( $_COOKIE as $key => $val ) {
 673:           if( is_array( $_COOKIE[ $key ] ) ) continue ;
 674:           if( substr( trim( $val ) , 0 , 3 ) == '../' || strstr( $val , '../../' ) ) {
 675:               $this->last_error_type = 'ParentDir' ;
 676:               $this->message .= "Doubtful file specification '$val' found.\n" ;
 677:               $this->output_log( $this->last_error_type , 0 , false , 128 ) ;
 678:               $sanitized_val = str_replace( chr(0) , '' , $val ) ;
 679:               if( substr( $sanitized_val , -2 ) != ' .' ) $sanitized_val .= ' .' ;
 680:               $_COOKIE[ $key ] = $HTTP_COOKIE_VARS[ $key ] = $sanitized_val ;
 681:               if( $_REQUEST[ $key ] == $_COOKIE[ $key ] ){
 682:                   $_REQUEST[ $key ] = $sanitized_val ;
 683:               }
 684:           }
 685:       }*/
 686: 
 687:         return true;
 688:     }
 689: 
 690:     function &get_ref_from_base64index(&$current, $indexes)
 691:     {
 692:         foreach ($indexes as $index) {
 693:             $index = base64_decode($index);
 694:             if (!is_array($current)) {
 695:                 return false;
 696:             }
 697:             $current =& $current[$index];
 698:         }
 699:         return $current;
 700:     }
 701: 
 702:     function replace_doubtful($key, $val)
 703:     {
 704:         global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
 705: 
 706:         $index_expression = '';
 707:         $indexes = explode('_', $key);
 708:         $base_array = array_shift($indexes);
 709: 
 710:         switch ($base_array) {
 711:             case 'G' :
 712:                 $main_ref =& $this->get_ref_from_base64index($_GET, $indexes);
 713:                 $legacy_ref =& $this->get_ref_from_base64index($HTTP_GET_VARS, $indexes);
 714:                 break;
 715:             case 'P' :
 716:                 $main_ref =& $this->get_ref_from_base64index($_POST, $indexes);
 717:                 $legacy_ref =& $this->get_ref_from_base64index($HTTP_POST_VARS, $indexes);
 718:                 break;
 719:             case 'C' :
 720:                 $main_ref =& $this->get_ref_from_base64index($_COOKIE, $indexes);
 721:                 $legacy_ref =& $this->get_ref_from_base64index($HTTP_COOKIE_VARS, $indexes);
 722:                 break;
 723:             default :
 724:                 exit;
 725:         }
 726:         if (!isset($main_ref)) {
 727:             exit;
 728:         }
 729:         $request_ref =& $this->get_ref_from_base64index($_REQUEST, $indexes);
 730:         if ($request_ref !== false && $main_ref == $request_ref) {
 731:             $request_ref = $val;
 732:         }
 733:         $main_ref = $val;
 734:         $legacy_ref = $val;
 735:     }
 736: 
 737:     function check_uploaded_files()
 738:     {
 739:         if ($this->_done_badext) {
 740:             return $this->_safe_badext;
 741:         } else {
 742:             $this->_done_badext = true;
 743:         }
 744: 
 745:         // extensions never uploaded
 746:         $bad_extensions = array('php', 'phtml', 'phtm', 'php3', 'php4', 'cgi', 'pl', 'asp');
 747:         // extensions needed image check (anti-IE Content-Type XSS)
 748:         $image_extensions = array(
 749:             1  => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tif', 9 => 'jpc',
 750:             10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm'
 751:         );
 752: 
 753:         foreach ($_FILES as $_file) {
 754:             if (!empty($_file['error'])) {
 755:                 continue;
 756:             }
 757:             if (!empty($_file['name']) && is_string($_file['name'])) {
 758:                 $ext = strtolower(substr(strrchr($_file['name'], '.'), 1));
 759:                 if ($ext === 'jpeg') {
 760:                     $ext = 'jpg';
 761:                 } else {
 762:                     if ($ext === 'tiff') {
 763:                         $ext = 'tif';
 764:                     }
 765:                 }
 766: 
 767:                 // anti multiple dot file (Apache mod_mime.c)
 768:                 if (count(explode('.', str_replace('.tar.gz', '.tgz', $_file['name']))) > 2) {
 769:                     $this->message .= "Attempt to multiple dot file {$_file['name']}.\n";
 770:                     $this->_safe_badext = false;
 771:                     $this->last_error_type = 'UPLOAD';
 772:                 }
 773: 
 774:                 // anti dangerous extensions
 775:                 if (in_array($ext, $bad_extensions)) {
 776:                     $this->message .= "Attempt to upload {$_file['name']}.\n";
 777:                     $this->_safe_badext = false;
 778:                     $this->last_error_type = 'UPLOAD';
 779:                 }
 780: 
 781:                 // anti camouflaged image file
 782:                 if (in_array($ext, $image_extensions)) {
 783:                     $image_attributes = @getimagesize($_file['tmp_name']);
 784:                     if ($image_attributes === false && is_uploaded_file($_file['tmp_name'])) {
 785:                         // open_basedir restriction
 786:                         $temp_file = \XoopsBaseConfig::get('root-path') . '/uploads/protector_upload_temporary' . md5(time());
 787:                         move_uploaded_file($_file['tmp_name'], $temp_file);
 788:                         $image_attributes = @getimagesize($temp_file);
 789:                         @unlink($temp_file);
 790:                     }
 791: 
 792:                     if ($image_attributes === false || $image_extensions[(int)($image_attributes[2])] != $ext) {
 793:                         $this->message .= "Attempt to upload camouflaged image file {$_file['name']}.\n";
 794:                         $this->_safe_badext = false;
 795:                         $this->last_error_type = 'UPLOAD';
 796:                     }
 797:                 }
 798:             }
 799:         }
 800: 
 801:         return $this->_safe_badext;
 802:     }
 803: 
 804:     function check_contami_systemglobals()
 805:     {
 806:         /*  if( $this->_done_contami ) return $this->_safe_contami ;
 807:       else $this->_done_contami = true ; */
 808: 
 809:         /*  foreach( $this->_bad_globals as $bad_global ) {
 810:           if( isset( $_REQUEST[ $bad_global ] ) ) {
 811:               $this->message .= "Attempt to inject '$bad_global' was found.\n" ;
 812:               $this->_safe_contami = false ;
 813:               $this->last_error_type = 'CONTAMI' ;
 814:           }
 815:       }*/
 816: 
 817:         return $this->_safe_contami;
 818:     }
 819: 
 820:     function check_sql_isolatedcommentin($sanitize = true)
 821:     {
 822:         if ($this->_done_isocom) {
 823:             return $this->_safe_isocom;
 824:         } else {
 825:             $this->_done_isocom = true;
 826:         }
 827: 
 828:         foreach ($this->_doubtful_requests as $key => $val) {
 829:             $str = $val;
 830:             while ($str = strstr($str, '/*')) { /* */
 831:                 $str = strstr(substr($str, 2), '*/');
 832:                 if ($str === false) {
 833:                     $this->message .= "Isolated comment-in found. ($val)\n";
 834:                     if ($sanitize) {
 835:                         $this->replace_doubtful($key, $val . '*/');
 836:                     }
 837:                     $this->_safe_isocom = false;
 838:                     $this->last_error_type = 'ISOCOM';
 839:                 }
 840:             }
 841:         }
 842:         return $this->_safe_isocom;
 843:     }
 844: 
 845:     function check_sql_union($sanitize = true)
 846:     {
 847:         if ($this->_done_union) {
 848:             return $this->_safe_union;
 849:         } else {
 850:             $this->_done_union = true;
 851:         }
 852: 
 853:         foreach ($this->_doubtful_requests as $key => $val) {
 854: 
 855:             $str = str_replace(array('/*', '*/'), '', preg_replace('?/\*.+\*/?sU', '', $val));
 856:             if (preg_match('/\sUNION\s+(ALL|SELECT)/i', $str)) {
 857:                 $this->message .= "Pattern like SQL injection found. ($val)\n";
 858:                 if ($sanitize) {
 859:                     $this->replace_doubtful($key, preg_replace('/union/i', 'uni-on', $val));
 860:                 }
 861:                 $this->_safe_union = false;
 862:                 $this->last_error_type = 'UNION';
 863:             }
 864:         }
 865:         return $this->_safe_union;
 866:     }
 867: 
 868:     function stopforumspam($uid)
 869:     {
 870:         if (!function_exists('curl_init')) {
 871:             return false;
 872:         }
 873: 
 874:         if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
 875:             return false;
 876:         }
 877: 
 878:         $query = "f=serial&ip=" . $_SERVER['REMOTE_ADDR'];
 879:         $query .= isset($_POST['email']) ? "&email=" . $_POST['email'] : '';
 880:         $query .= isset($_POST['uname']) ? "&username=" . $_POST['uname'] : '';
 881:         $url = "http://www.stopforumspam.com/api?" . $query;
 882:         $ch = curl_init();
 883:         curl_setopt($ch, CURLOPT_URL, $url);
 884:         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 885:         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
 886:         $result = unserialize(curl_exec($ch));
 887:         curl_close($ch);
 888: 
 889:         $spammer = false;
 890:         if (isset($result['email']) && isset($result['email']['lastseen'])) {
 891:             $spammer = true;
 892:         }
 893: 
 894:         if (isset($result['ip']) && isset($result['ip']['lastseen'])) {
 895:             $last = strtotime($result['ip']['lastseen']);
 896:             $oneMonth = 60 * 60 * 24 * 31;
 897:             $oneMonthAgo = time() - $oneMonth;
 898:             if ($last > $oneMonthAgo) {
 899:                 $spammer = true;
 900:             }
 901:         }
 902: 
 903:         if (!$spammer) {
 904:             return false;
 905:         }
 906: 
 907:         $this->last_error_type = 'SPAMMER POST';
 908: 
 909:         switch ($this->_conf['stopforumspam_action']) {
 910:             default :
 911:             case 'log' :
 912:                 break;
 913:             case 'san' :
 914:                 $_POST = array();
 915:                 $this->message .= "POST deleted for IP:" . $_SERVER['REMOTE_ADDR'];
 916:                 break;
 917:             case 'biptime0' :
 918:                 $_POST = array();
 919:                 $this->message .= "BAN and POST deleted for IP:" . $_SERVER['REMOTE_ADDR'];
 920:                 $this->_should_be_banned_time0 = true;
 921:                 break;
 922:             case 'bip' :
 923:                 $_POST = array();
 924:                 $this->message .= "Ban and POST deleted for IP:" . $_SERVER['REMOTE_ADDR'];
 925:                 $this->_should_be_banned = true;
 926:                 break;
 927:         }
 928: 
 929:         $this->output_log($this->last_error_type, $uid, false, 16);
 930: 
 931:         return true;
 932:     }
 933: 
 934:     function check_dos_attack($uid = 0, $can_ban = false)
 935:     {
 936:         $xoops = Xoops::getInstance();
 937:         $xoops->db();
 938:         global $xoopsDB;
 939:         $db = $xoopsDB;
 940: 
 941:         if ($this->_done_dos) {
 942:             return true;
 943:         }
 944: 
 945:         $ip = @$_SERVER['REMOTE_ADDR'];
 946:         $uri = @$_SERVER['REQUEST_URI'];
 947:         $ip4sql = addslashes($ip);
 948:         $uri4sql = addslashes($uri);
 949:         if (empty($ip) || $ip == '') {
 950:             return true;
 951:         }
 952: 
 953:         // gargage collection
 954:         $result = $db->queryF("DELETE FROM " . $db->prefix($this->mydirname . "_access") . " WHERE expire < UNIX_TIMESTAMP()");
 955: 
 956:         // for older versions before updating this module
 957:         if ($result === false) {
 958:             $this->_done_dos = true;
 959:             return true;
 960:         }
 961: 
 962:         // sql for recording access log (INSERT should be placed after SELECT)
 963:         $sql4insertlog = "INSERT INTO " . $db->prefix($this->mydirname . "_access") . " SET ip='$ip4sql',request_uri='$uri4sql',expire=UNIX_TIMESTAMP()+'" . (int)($this->_conf['dos_expire']) . "'";
 964: 
 965:         // bandwidth limitation
 966:         if (@$this->_conf['bwlimit_count'] >= 10) {
 967:             $result = $db->query("SELECT COUNT(*) FROM " . $db->prefix($this->mydirname . "_access"));
 968:             list($bw_count) = $db->fetchRow($result);
 969:             if ($bw_count > $this->_conf['bwlimit_count']) {
 970:                 $this->write_file_bwlimit(time() + $this->_conf['dos_expire']);
 971:             }
 972:         }
 973: 
 974:         // F5 attack check (High load & same URI)
 975:         $result = $db->query("SELECT COUNT(*) FROM " . $db->prefix($this->mydirname . "_access") . " WHERE ip='$ip4sql' AND request_uri='$uri4sql'");
 976:         list($f5_count) = $db->fetchRow($result);
 977:         if ($f5_count > $this->_conf['dos_f5count']) {
 978: 
 979:             // delayed insert
 980:             $db->queryF($sql4insertlog);
 981: 
 982:             // extends the expires of the IP with 5 minutes at least (pending)
 983:             // $result = $xoopsDB->queryF( "UPDATE ".$xoopsDB->prefix($this->mydirname."_access")." SET expire=UNIX_TIMESTAMP()+300 WHERE ip='$ip4sql' AND expire<UNIX_TIMESTAMP()+300" ) ;
 984: 
 985:             // call the filter first
 986:             $ret = $this->call_filter('f5attack_overrun');
 987: 
 988:             // actions for F5 Attack
 989:             $this->_done_dos = true;
 990:             $this->last_error_type = 'DoS';
 991:             switch ($this->_conf['dos_f5action']) {
 992:                 default :
 993:                 case 'exit' :
 994:                     $this->output_log($this->last_error_type, $uid, true, 16);
 995:                     exit;
 996:                 case 'none' :
 997:                     $this->output_log($this->last_error_type, $uid, true, 16);
 998:                     return true;
 999:                 case 'biptime0' :
1000:                     if ($can_ban) {
1001:                         $this->register_bad_ips(time() + $this->_conf['banip_time0']);
1002:                     }
1003:                     break;
1004:                 case 'bip' :
1005:                     if ($can_ban) {
1006:                         $this->register_bad_ips();
1007:                     }
1008:                     break;
1009:                 case 'hta' :
1010:                     if ($can_ban) {
1011:                         $this->deny_by_htaccess();
1012:                     }
1013:                     break;
1014:                 case 'sleep' :
1015:                     sleep(5);
1016:                     break;
1017:             }
1018:             return false;
1019:         }
1020: 
1021:         // Check its Agent
1022:         if (trim($this->_conf['dos_crsafe']) != '' && preg_match($this->_conf['dos_crsafe'], @$_SERVER['HTTP_USER_AGENT'])) {
1023:             // welcomed crawler
1024:             $this->_done_dos = true;
1025:             return true;
1026:         }
1027: 
1028:         // Crawler check (High load & different URI)
1029:         $result = $db->query("SELECT COUNT(*) FROM " . $db->prefix($this->mydirname . "_access") . " WHERE ip='$ip4sql'");
1030:         list($crawler_count) = $db->fetchRow($result);
1031: 
1032:         // delayed insert
1033:         $db->queryF($sql4insertlog);
1034: 
1035:         if ($crawler_count > $this->_conf['dos_crcount']) {
1036: 
1037:             // call the filter first
1038:             $ret = $this->call_filter('crawler_overrun');
1039: 
1040:             // actions for bad Crawler
1041:             $this->_done_dos = true;
1042:             $this->last_error_type = 'CRAWLER';
1043:             switch ($this->_conf['dos_craction']) {
1044:                 default :
1045:                 case 'exit' :
1046:                     $this->output_log($this->last_error_type, $uid, true, 16);
1047:                     exit;
1048:                 case 'none' :
1049:                     $this->output_log($this->last_error_type, $uid, true, 16);
1050:                     return true;
1051:                 case 'biptime0' :
1052:                     if ($can_ban) {
1053:                         $this->register_bad_ips(time() + $this->_conf['banip_time0']);
1054:                     }
1055:                     break;
1056:                 case 'bip' :
1057:                     if ($can_ban) {
1058:                         $this->register_bad_ips();
1059:                     }
1060:                     break;
1061:                 case 'hta' :
1062:                     if ($can_ban) {
1063:                         $this->deny_by_htaccess();
1064:                     }
1065:                     break;
1066:                 case 'sleep' :
1067:                     sleep(5);
1068:                     break;
1069:             }
1070:             return false;
1071:         }
1072: 
1073:         return true;
1074:     }
1075: 
1076:     //
1077:     function check_brute_force()
1078:     {
1079:         $xoops = Xoops::getInstance();
1080:         $xoops->db();
1081:         global $xoopsDB;
1082:         $ip = @$_SERVER['REMOTE_ADDR'];
1083:         $uri = @$_SERVER['REQUEST_URI'];
1084:         $ip4sql = addslashes($ip);
1085:         $uri4sql = addslashes($uri);
1086:         if (empty($ip) || $ip == '') {
1087:             return true;
1088:         }
1089: 
1090:         $victim_uname = empty($_COOKIE['autologin_uname']) ? $_POST['uname'] : $_COOKIE['autologin_uname'];
1091:         // some UA send 'deleted' as a value of the deleted cookie.
1092:         if ($victim_uname === 'deleted') {
1093:             return;
1094:         }
1095:         $mal4sql = addslashes("BRUTE FORCE: $victim_uname");
1096: 
1097:         // gargage collection
1098:         $result = $xoopsDB->queryF("DELETE FROM " . $xoopsDB->prefix($this->mydirname . "_access") . " WHERE expire < UNIX_TIMESTAMP()");
1099: 
1100:         // sql for recording access log (INSERT should be placed after SELECT)
1101:         $sql4insertlog = "INSERT INTO " . $xoopsDB->prefix($this->mydirname . "_access") . " SET ip='$ip4sql',request_uri='$uri4sql',malicious_actions='$mal4sql',expire=UNIX_TIMESTAMP()+600";
1102: 
1103:         // count check
1104:         $result = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix($this->mydirname . "_access") . " WHERE ip='$ip4sql' AND malicious_actions like 'BRUTE FORCE:%'");
1105:         list($bf_count) = $xoopsDB->fetchRow($result);
1106:         if ($bf_count > $this->_conf['bf_count']) {
1107:             $this->register_bad_ips(time() + $this->_conf['banip_time0']);
1108:             $this->last_error_type = 'BruteForce';
1109:             $this->message .= "Trying to login as '" . addslashes($victim_uname) . "' found.\n";
1110:             $this->output_log('BRUTE FORCE', 0, true, 1);
1111:             $ret = $this->call_filter('bruteforce_overrun');
1112:             if ($ret == false) {
1113:                 exit;
1114:             }
1115:         }
1116:         // delayed insert
1117:         $xoopsDB->queryF($sql4insertlog);
1118:     }
1119: 
1120:     function _spam_check_point_recursive($val)
1121:     {
1122:         if (is_array($val)) {
1123:             foreach ($val as $subval) {
1124:                 $this->_spam_check_point_recursive($subval);
1125:             }
1126:         } else {
1127:             // http_host
1128:             $path_array = parse_url(\XoopsBaseConfig::get('url'));
1129:             $http_host = empty($path_array['host']) ? 'www.xoops.org' : $path_array['host'];
1130: 
1131:             // count URI up
1132:             $count = -1;
1133:             foreach (preg_split('#https?\:\/\/#i', $val) as $fragment) {
1134:                 if (strncmp($fragment, $http_host, strlen($http_host)) !== 0) {
1135:                     ++$count;
1136:                 }
1137:             }
1138:             if ($count > 0) {
1139:                 $this->_spamcount_uri += $count;
1140:             }
1141: 
1142:             // count BBCode likd [url=www....] up (without [url=http://...])
1143:             $this->_spamcount_uri += count(preg_split('/\[url=(?!http|\\"http|\\\'http|' . $http_host . ')/i', $val)) - 1;
1144:         }
1145:     }
1146: 
1147:     /**
1148:      * @param integer $points4deny
1149:      */
1150:     function spam_check($points4deny, $uid)
1151:     {
1152:         $this->_spamcount_uri = 0;
1153:         $this->_spam_check_point_recursive($_POST);
1154: 
1155:         if ($this->_spamcount_uri >= $points4deny) {
1156:             $this->message .= @$_SERVER['REQUEST_URI'] . " SPAM POINT: $this->_spamcount_uri\n";
1157:             $this->output_log('URI SPAM', $uid, false, 128);
1158:             $ret = $this->call_filter('spamcheck_overrun');
1159:             if ($ret == false) {
1160:                 exit;
1161:             }
1162:         }
1163:     }
1164: 
1165:     function disable_features()
1166:     {
1167:         global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS;
1168: 
1169:         // disable "Notice: Undefined index: ..."
1170:         $error_reporting_level = error_reporting(0);
1171: 
1172:         //
1173:         // bit 1 : disable XMLRPC , criteria bug
1174:         //
1175:         if ($this->_conf['disable_features'] & 1) {
1176: 
1177:             // zx 2005/1/5 disable xmlrpc.php in root
1178:             if ( /* ! stristr( $_SERVER['SCRIPT_NAME'] , 'modules' ) && */
1179:                 substr(@$_SERVER['SCRIPT_NAME'], -10) === 'xmlrpc.php'
1180:             ) {
1181:                 $this->output_log('xmlrpc', 0, true, 1);
1182:                 exit;
1183:             }
1184: 
1185:             // security bug of class/criteria.php 2005/6/27
1186:             if ($_POST['uname'] === '0' || $_COOKIE['autologin_pass'] === '0') {
1187:                 $this->output_log('CRITERIA');
1188:                 exit;
1189:             }
1190:         }
1191: 
1192:         //
1193:         // bit 11 : XSS+CSRFs in XOOPS < 2.0.10
1194:         //
1195:         if ($this->_conf['disable_features'] & 1024) {
1196: 
1197:             // root controllers
1198:             if (!stristr(@$_SERVER['SCRIPT_NAME'], 'modules')) {
1199:                 // zx 2004/12/13 misc.php debug (file check)
1200:                 if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'debug' || $_POST['type'] === 'debug') && !preg_match('/^dummy_[0-9]+\.html$/', $_GET['file'])) {
1201:                     $this->output_log('misc debug');
1202:                     exit;
1203:                 }
1204: 
1205:                 // zx 2004/12/13 misc.php smilies
1206:                 if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) {
1207:                     $this->output_log('misc smilies');
1208:                     exit;
1209:                 }
1210: 
1211:                 // zx 2005/1/5 edituser.php avatarchoose
1212:                 if (substr(@$_SERVER['SCRIPT_NAME'], -12) === 'edituser.php' && $_POST['op'] === 'avatarchoose' && strstr($_POST['user_avatar'], '..')) {
1213:                     $this->output_log('edituser avatarchoose');
1214:                     exit;
1215:                 }
1216:             }
1217: 
1218:             // zx 2005/1/4 findusers
1219:             if (substr(@$_SERVER['SCRIPT_NAME'], -24) === 'modules/system/admin.php' && ($_GET['fct'] === 'findusers' || $_POST['fct'] === 'findusers')) {
1220:                 foreach ($_POST as $key => $val) {
1221:                     if (strstr($key, "'") || strstr($val, "'")) {
1222:                         $this->output_log('findusers');
1223:                         exit;
1224:                     }
1225:                 }
1226:             }
1227: 
1228:             // preview CSRF zx 2004/12/14
1229:             // news submit.php
1230:             if (substr(@$_SERVER['SCRIPT_NAME'], -23) === 'modules/news/submit.php' && isset($_POST['preview']) && strpos(@$_SERVER['HTTP_REFERER'], \XoopsBaseConfig::get('url') . '/modules/news/submit.php') !== 0) {
1231:                 $HTTP_POST_VARS['nohtml'] = $_POST['nohtml'] = 1;
1232:             }
1233:             // news admin/index.php
1234:             if (substr(@$_SERVER['SCRIPT_NAME'], -28) === 'modules/news/admin/index.php' && ($_POST['op'] === 'preview' || $_GET['op'] === 'preview') && strpos(@$_SERVER['HTTP_REFERER'], \XoopsBaseConfig::get('url') . '/modules/news/admin/index.php') !== 0) {
1235:                 $HTTP_POST_VARS['nohtml'] = $_POST['nohtml'] = 1;
1236:             }
1237:             // comment comment_post.php
1238:             if (isset($_POST['com_dopreview']) && !strstr(substr(@$_SERVER['HTTP_REFERER'], -16), 'comment_post.php')) {
1239:                 $HTTP_POST_VARS['dohtml'] = $_POST['dohtml'] = 0;
1240:             }
1241:             // disable preview of system's blocksadmin
1242:             if (substr(@$_SERVER['SCRIPT_NAME'], -24) === 'modules/system/admin.php' && ($_GET['fct'] === 'blocksadmin' || $_POST['fct'] === 'blocksadmin') && isset($_POST['previewblock']) /* && strpos( $_SERVER['HTTP_REFERER'] , \XoopsBaseConfig::get('url').'/modules/system/admin.php' ) !== 0 */) {
1243:                 die("Danger! don't use this preview. Use 'altsys module' instead.(by Protector)");
1244:             }
1245:             // tpl preview
1246:             if (substr(@$_SERVER['SCRIPT_NAME'], -24) === 'modules/system/admin.php' && ($_GET['fct'] === 'tplsets' || $_POST['fct'] === 'tplsets')) {
1247:                 if ($_POST['op'] === 'previewpopup' || $_GET['op'] === 'previewpopup' || isset($_POST['previewtpl'])) {
1248:                     die("Danger! don't use this preview.(by Protector)");
1249:                 }
1250:             }
1251:         }
1252: 
1253:         // restore reporting level
1254:         error_reporting($error_reporting_level);
1255:     }
1256: 
1257:     /**
1258:      * @param string $type
1259:      */
1260:     function call_filter($type, $dying_message = '')
1261:     {
1262:         require_once __DIR__ . '/ProtectorFilter.php';
1263:         $filter_handler = ProtectorFilterHandler::getInstance();
1264:         $ret = $filter_handler->execute($type);
1265:         if ($ret == false && $dying_message) {
1266:             die($dying_message);
1267:         }
1268: 
1269:         return $ret;
1270:     }
1271: }
1272: 
API documentation generated by ApiGen