Code source de bblocked 0.6.5 |
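<?php
/*********************************************************\
******            bblocked Include file              ******
*****                                                 *****
****          Copyleft (C) 2007 bblocked               ****
***                                                     ***
** This program is free software; you can redistribute it and/or **
** modify it under the terms of the GNU General Public License   **
** as published by the Free Software Foundation; either version 2 **
** of the License, or (at your option) any later version.        **
**                                                               **
** This program is distributed in the hope that it will be useful, **
** but WITHOUT ANY WARRANTY; without even the implied warranty of **
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the  **
** GNU General Public License for more details.                  **
***                                                     ***
****                                                   ****
****            http://www.bblocked.org/              *****
******                                               ******
\*********************************************************/


/* Do not remove, prevents direct file access */
// The including script is expected to define BB first; a direct request for
// this file stops here before any of the code below runs.
if(!defined('BB'))
    die();





// Useless Features in PHP

// Refuse to run with register_globals or magic_quotes_sybase enabled, unless
// the operator chose to suppress errors, in which case reporting is silenced
// and the two checks are skipped.
if((bool)$_config['suppress_errors'] != true) {

    if(@ini_get('register_globals'))
        die('Register Globals is ON!');

    if(@ini_get('magic_quotes_sybase'))
        die('magic_quotes_sybase is ON!');
}

else
    error_reporting(0);

// function_exists() keeps this include loadable on PHP builds that no longer
// ship the magic-quotes API.
if(function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime())
    set_magic_quotes_runtime(0);




// Prevent Magic Quotes from affecting scripts, regardless of server settings

// Make sure when reading file data,
// PHP doesn't "magically" mangle backslashes!

if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {

    /*
        Recursively undo magic-quotes escaping.
        Arrays are walked value by value (keys are left untouched); any other
        value is passed through stripslashes().
    */
    function stripslashes_array($data) {

        if(is_array($data)) {

            foreach($data as $key=>$value)
                $data[$key] = stripslashes_array($value);

            return $data;
        }

        else
            return stripslashes($data);
    }
    /*
        All these global variables are slash-encoded by default,
        because magic_quotes_gpc is set by default!
        (And magic_quotes_gpc affects more than just $_GET, $_POST, and $_COOKIE)
    */
    $_SERVER         =stripslashes_array($_SERVER);
    $_GET            =stripslashes_array($_GET);
    $_POST           =stripslashes_array($_POST);
    $_COOKIE         =stripslashes_array($_COOKIE);
    $_FILES          =stripslashes_array($_FILES);
    $_ENV            =stripslashes_array($_ENV);
    $_REQUEST        =stripslashes_array($_REQUEST);
    $HTTP_SERVER_VARS=stripslashes_array($HTTP_SERVER_VARS);
    $HTTP_GET_VARS   =stripslashes_array($HTTP_GET_VARS);
    $HTTP_POST_VARS  =stripslashes_array($HTTP_POST_VARS);
    $HTTP_COOKIE_VARS=stripslashes_array($HTTP_COOKIE_VARS);
    $HTTP_POST_FILES =stripslashes_array($HTTP_POST_FILES);
    $HTTP_ENV_VARS   =stripslashes_array($HTTP_ENV_VARS);

    if(isset($_SESSION)) {

        // The second argument is ignored: stripslashes_array() takes one parameter.
        $_SESSION         =stripslashes_array($_SESSION, '');
        $HTTP_SESSION_VARS=stripslashes_array($HTTP_SESSION_VARS, '');
    }
    /*
        The $GLOBALS array is also slash-encoded, but when all the above are
        changed, $GLOBALS is updated to reflect those changes. (Therefore
        $GLOBALS should never be modified directly). $GLOBALS also contains
        infinite recursion, so it's dangerous...
    */
}





// Functions

/*
    Load error.php and forward up to four positional arguments
    ($url, $class, $type, $die) to exit_on_error().
    $type defaults to 'general' and $die to false when omitted or null.
    NOTE(review): error.php is pulled in with require on every call; if it
    declares exit_on_error() itself, a second call would redeclare it.
    Confirm against error.php before switching to require_once.
*/
function report_errors() {

    require ('error.php');

    list($url, $class, $type, $die) = array_pad(func_get_args(), 4, null);
    exit_on_error($url, $class, (is_null($type) ? 'general' : $type), (is_null($die) ? false : $die));
}

/*
    Load template.php and instantiate Template with the given template name.
    NOTE(review): same require-per-call concern as report_errors(); confirm
    against template.php.
*/
function print_template($template) {

    require ('template.php');
    new Template($template);
}

/*
    Test an IPv4 address against a list of block entries.

    Each entry of $range_array is one of:
      "network/prefix"   CIDR range, e.g. "10.1/16" (short networks are zero-padded)
      "network:netmask"  network with dotted netmask
      "a.b.c.d"          single address, compared as a string

    Returns true and stores the matching entry in $blocked on the first hit,
    false when nothing matches ($blocked is then left untouched).

    Fixes over the previous version:
      - the prefix length is read from the part after the "/" (it used to be
        read from the network part, so the mask was computed from the wrong value);
      - $ip is no longer overwritten with its integer form inside the loop,
        which corrupted every comparison after the first CIDR entry.

    A CIDR entry that cannot be parsed, or a client address that is not
    dotted-quad IPv4, is skipped for the CIDR test rather than matched.
    Because this is an access-control check, operators should validate the
    block list when it is configured so that a typo does not silently
    disable an entry.
*/
function check_ip($ip, $range_array, &$blocked) {

    foreach($range_array as $v) {

        if(strstr($v, '/')) {

            $range = explode('/', $v, 2);

            // max() keeps str_repeat() away from a negative count on malformed entries.
            $range[0] .= str_repeat(".0", max(0, 3 - substr_count($range[0], '.')));

            $net_parts = explode('.', $range[0]);
            $ip_parts  = explode('.', $ip);
            $prefix    = (int)$range[1];

            if(count($net_parts) != 4 || count($ip_parts) != 4 || $prefix < 0 || $prefix > 32)
                continue;

            $i    = ((int)$net_parts[0] << 24) + ((int)$net_parts[1] << 16) + ((int)$net_parts[2] << 8) + (int)$net_parts[3];
            $addr = ((int)$ip_parts[0] << 24) + ((int)$ip_parts[1] << 16) + ((int)$ip_parts[2] << 8) + (int)$ip_parts[3];
            $mask = $prefix == 0 ? 0 : (~0 << (32 - $prefix));

            // Lowest and highest address of the range, inclusive.
            if($addr >= ($i & $mask) && $addr <= ($i | (~$mask & 0xFFFFFFFF))) {
                $blocked = $v;
                return true;
            }
        }

        else if(strstr($v, ':')) {

            $range = explode(':', $v);

            $padding = str_repeat(".0", max(0, 3 - substr_count($range[0], '.')));
            $range[0] .= $padding;

            if((ip2long($ip) & ip2long($range[1])) == (ip2long($range[0]) & ip2long($range[1]))) {
                $blocked = $v;
                return true;
            }
        }

        else
            // Strict string comparison: loose == would compare numeric-looking
            // strings as numbers.
            if((string)$ip === (string)$v) {
                $blocked = $v;
                return true;
            }
    }
    return false;
}

/*
    URL encoding for proxied links. $_config['encode_urls'] selects the scheme:
      1 = ROT13, 2 = Base64, 3 = colon-separated base-35 character codes,
      anything else = plain rawurlencode().
    All four are reversible without a key: they obscure the target URL in
    links and logs but provide neither confidentiality nor integrity, so the
    decoded value must be treated as untrusted input.

    NOTE(review): in every decode_url() below, the two search strings passed
    to str_replace() read the same as the replacement, which makes the call a
    no-op as shown. The HTML listing this was taken from may have decoded
    entity literals; confirm against the original file.
*/
if($_config['encode_urls'] == 1) {

    function encode_url($url) { return rawurlencode(str_rot13($url)); }
    function decode_url($url) { return str_replace(array('&', '&'), '&', str_rot13(rawurldecode($url))); }
}

else if($_config['encode_urls'] == 2) {

    function encode_url($url) { return rawurlencode(base64_encode($url)); }
    function decode_url($url) { return str_replace(array('&', '&'), '&', base64_decode(rawurldecode($url))); }
}

else if($_config['encode_urls'] == 3) {

    function encode_url($url) {

        // Initialised so an empty split result still yields an array for implode().
        $out = array();
        foreach(preg_split("''", $url) as $char) $out[] = base_convert(ord($char), 10, 35);
        return rawurlencode(implode(':', $out));
    }

    function decode_url($url) {

        // Initialised so the first .= does not append to an undefined variable.
        $out = '';
        foreach(explode(':', rawurldecode($url)) as $char) $out .= chr(base_convert(str_replace(array('&', '&'), '&', $char), 35, 10));
        return trim($out);
    }
}

else {

    function encode_url($url) { return rawurlencode($url); }
    function decode_url($url) { return str_replace(array('&', '&'), '&', rawurldecode($url)); }
}

/*
    Syntactic check that $url starts with http://, https://, ftp:// or ftps://
    followed by a dotted host name or a dotted-quad address.
    The pattern is anchored at the start only and says nothing about where the
    host points: loopback, private and link-local destinations pass. Any
    restriction on which destinations the proxy may fetch has to be enforced
    separately.
*/
function is_url($url) {

    if(preg_match("'^(ht|f)tps?://((\w+\.)+\w{2,}/?|((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.?){4})'i", trim($url)))
        return true;

    return false;
}

/*
    Build a cookie string: doubly raw-url-encoded name and value, optional
    expiry ($expires is a Unix timestamp, 0 = none), path "/" and a domain
    derived from the request's Host header.
    The Host header is supplied by the client, so it is reduced to host-name
    characters before it is appended; this keeps separators and line breaks
    out of the cookie string.
*/
function add_cookie($name, $value, $expires = 0) {
    $host = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
    return rawurlencode(rawurlencode($name)) . '=' . rawurlencode(rawurlencode($value)) . (empty($expires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s \G\M\T', $expires)) . '; path=/; domain=.' . $host;
}

/*
    Flatten a (possibly nested) array into "key[sub][...]" => urlencoded value
    pairs. $parent_key is used by the recursion and is already encoded.
*/
function encode_post($array, $parent_key=null) {

    $temp = array();
    foreach($array as $k=>$v) {

        $k = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($k)) : urlencode($k);

        if(is_array($v))
            $temp = array_merge($temp, encode_post($v, $k));

        else
            $temp[$k] = urlencode($v);
    }
    return $temp;
}

/*
    Collect the name, type and tmp_name members of an upload array into
    field => array(member => value).
    The previous version tested and stored $value and $key, which are never
    defined in this function, so it always returned an empty array; the loop
    variables $k and $v are used now.
*/
function get_post_files($array, $parent_key=null) {

    $temp = array();
    foreach($array as $k=>$v) {

        $k = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($k)) : urlencode($k);

        if(is_array($v))
            $temp = array_merge_recursive($temp, get_post_files($v, $k));

        else if(preg_match("'^([^\[\]]+)\[(name|type|tmp_name)\]'", $k, $m))
            $temp[str_replace($m[0], $m[1], $k)][$m[2]] = $v;
    }
    return $temp;
}





// Classes

if((bool)$_config['suppress_errors'] != true) {

    /*
        Collects status messages and renders them as an HTML table.
    */
    class messageBox {

        // Initialised here as well as in the constructor so the list is an
        // array even where the old-style constructor is not invoked.
        var $_messages = array();
        var $_num_messages;

        function messageBox() {
            $this->_messages = array();
        }

        /*
            Append one message row.
            $type is used as a CSS class prefix and label and is HTML-escaped.
            $text is emitted as markup (callers in this file pass <code> tags),
            so callers must escape any request-derived data before passing it.
        */
        function add($text, $type="Warning") {

            // Was assigned to a local variable, leaving the property null and
            // every row appended to the same '' key.
            $this->_num_messages = count($this->_messages);
            $type = htmlspecialchars($type, ENT_QUOTES);

            $this->_messages[$this->_num_messages]  = " <tr class=\"" . $type . "Message\">\n";
            $this->_messages[$this->_num_messages] .= " <td class=\"" . $type . "Message\"> " . $type . ": " . $text . "</td>\n";
            $this->_messages[$this->_num_messages] .= " </tr>\n";
        }

        /* Return the collected rows wrapped in the messageBox <div>/<table>. */
        function output() {

            $out = "\n\n<div class=\"messageBox\">\n";
            $out .= " <table width=\"100%\" cellspacing=\"0\" cellpadding=\"2\" border=\"0\">\n";
            $out .= implode('', $this->_messages) . "\n";
            $out .= " </table>\n";
            $out .= "</div>\n";

            return $out;
        }
    }
}




// Gather enviorment variables

if(function_exists('sys_get_temp_dir'))
    $_config['tmp_dir'] = sys_get_temp_dir();

else if(!empty($_ENV['TMP']))
    $_config['tmp_dir'] = $_ENV['TMP'];

else if(!empty($_ENV['TMPDIR']))
    $_config['tmp_dir'] = $_ENV['TMPDIR'];

else if(!empty($_ENV['TEMP']))
    $_config['tmp_dir'] = $_ENV['TEMP'];

else {

    // Last resort: ask tempnam() for a file in a directory name built from a
    // random hash and take the directory of whatever path it returns.
    // $_config['tmp_dir'] stays unset if this fails too.
    if($tmp_file = tempnam(md5(uniqid(rand(), TRUE)), '')) {

        $_config['tmp_dir'] = realpath(dirname($tmp_file));
        unlink($tmp_file);
    }
}


// Work out the URL to fetch. It comes from the request, so it is untrusted
// until it has been validated.
if(!empty($_config['request_url'])) {

    if($_config['request_page'])
        $_config['request_url'] = decode_url($_config['request_url']);

    $_config['request_url_encoded'] = encode_url($_config['request_url']);
    $_config['request_url'] = (strpos($_config['request_url'], "://") === false ? 'http://':'') . $_config['request_url'];
}

else if(strlen($_SERVER['PHP_SELF']) > strlen($_config['script_url'])) {

    // Path-style request: everything after "<script_url>/" is the encoded
    // target, optionally followed by "?query".
    $temp_url = explode('?', str_replace($_config['script_url'] . '/', '', $_SERVER['REQUEST_URI']), 2);
    $temp_url[0] = decode_url($temp_url[0]);

    // The query part is absent when the request URI has no "?".
    $query = '';
    if(!empty($temp_url[1]))
        $query = '?' . (strtolower($_SERVER['REQUEST_METHOD']) == 'post' ? decode_url($temp_url[1]) : $temp_url[1]);

    // The first path segment is taken as the scheme, the remainder as host and path.
    $_config['request_url'] = substr($temp_url[0], 0, strpos($temp_url[0], '/')) . '://' . substr($temp_url[0], strpos($temp_url[0], '/')+1) . $query;
    $_config['request_page'] = 'proxy';
}

// messageBox is only declared when errors are not suppressed; instantiating it
// unconditionally was a fatal error in the suppress_errors configuration.
if(class_exists('messageBox'))
    $messageBox = new messageBox();

$loaded_extensions = get_loaded_extensions();

// in_array() rather than array_search(): array_search() returns index 0 for
// the first extension in the list, which a boolean test reads as "not loaded".
if(in_array('openssl', $loaded_extensions) && version_compare(PHP_VERSION, '4.3.0', '>='))
    $_config['ssl'] = true;

else if((bool)$_config['suppress_errors'] != true)
    $messageBox->add('SSL support disabled. <code>(OpenSSL extension no loaded.)</code>');

if(in_array('ftp', $loaded_extensions))
    $_config['ftp'] = true;

else if((bool)$_config['suppress_errors'] != true)
    $messageBox->add('FTP support disabled. <code>(FTP extension no loaded.)</code>');


if(in_array('zlib', $loaded_extensions)) {

    $_config['zlib'] = true;

    // Compress output here only if PHP is not already doing it.
    if(!ini_get('zlib.output_compression'))
        ob_start('ob_gzhandler');
    else
        ob_start();
}

else
    ob_start();


?>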