geekwright /
XoopsCore
| Conditions | 63 |
| Paths | > 20000 |
| Total Lines | 188 |
| Code Lines | 103 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 25 | function protector_postcheck() |
||
| 26 | { |
||
| 27 | |||
| 28 | $xoops = Xoops::getInstance(); |
||
| 29 | $xoops->db(); |
||
| 30 | global $xoopsDB; |
||
| 31 | // patch for 2.2.x from xoops.org (I know this is not so beautiful...) |
||
| 32 | if (substr(@XOOPS_VERSION, 6, 3) > 2.0 && stristr(@$_SERVER['REQUEST_URI'], 'modules/system/admin.php?fct=preferences')) { |
||
| 33 | $module_handler = $xoops->getHandlerModule(); |
||
| 34 | /* @var $module XoopsModule */ |
||
| 35 | $module = $module_handler->get((int)(@$_GET['mod'])); |
||
| 36 | if (is_object($module)) { |
||
| 37 | $module->getInfo(); |
||
| 38 | } |
||
| 39 | } |
||
| 40 | |||
| 41 | // configs writable check |
||
| 42 | if (@$_SERVER['REQUEST_URI'] === '/admin.php' && !is_writable(dirname(__DIR__) . '/configs')) { |
||
| 43 | trigger_error('You should turn the directory ' . dirname(__DIR__) . '/configs writable', E_USER_WARNING); |
||
| 44 | } |
||
| 45 | |||
| 46 | // Protector object |
||
| 47 | require_once dirname(__DIR__) . '/class/protector.php'; |
||
| 48 | $protector = Protector::getInstance(); |
||
| 49 | |||
| 50 | $protector->setConn($xoopsDB->conn); |
||
| 51 | $protector->updateConfFromDb(); |
||
| 52 | $conf = $protector->getConf(); |
||
| 53 | if (empty($conf)) { |
||
| 54 | return true; |
||
| 55 | } // not installed yet |
||
| 56 | |||
| 57 | // phpmailer vulnerability |
||
| 58 | // http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/ |
||
| 59 | if (in_array(substr(XOOPS_VERSION, 0, 12), array('XOOPS 2.0.16', 'XOOPS 2.0.13', 'XOOPS 2.2.4'))) { |
||
| 60 | $xoopsMailerConfig = $xoops->getConfigs(); |
||
| 61 | if ($xoopsMailerConfig['mailmethod'] === 'sendmail' && md5_file(\XoopsBaseConfig::get('root-path') . '/class/mail/phpmailer/class.phpmailer.php') === 'ee1c09a8e579631f0511972f929fe36a') { |
||
| 62 | echo '<strong>phpmailer security hole! Change the preferences of mail from "sendmail" to another, or upgrade the core right now! (message by protector)</strong>'; |
||
| 63 | } |
||
| 64 | } |
||
| 65 | |||
| 66 | // global enabled or disabled |
||
| 67 | if (!empty($conf['global_disabled'])) { |
||
| 68 | return true; |
||
| 69 | } |
||
| 70 | |||
| 71 | // group1_ips (groupid=1) |
||
| 72 | if ($xoops->isUser() && in_array(1, $xoops->user->getGroups())) { |
||
| 73 | $group1_ips = $protector->get_group1_ips(true); |
||
| 74 | if (implode('', array_keys($group1_ips))) { |
||
| 75 | $group1_allow = $protector->ip_match($group1_ips); |
||
| 76 | if (empty($group1_allow)) { |
||
| 77 | die('This account is disabled for your IP by Protector.<br />Clear cookie if you want to access this site as a guest.'); |
||
|
|
|||
| 78 | } |
||
| 79 | } |
||
| 80 | } |
||
| 81 | |||
| 82 | // reliable ips |
||
| 83 | $reliable_ips = @unserialize(@$conf['reliable_ips']); |
||
| 84 | if (is_array($reliable_ips)) { |
||
| 85 | foreach ($reliable_ips as $reliable_ip) { |
||
| 86 | if (!empty($reliable_ip) && preg_match('/' . $reliable_ip . '/', $_SERVER['REMOTE_ADDR'])) { |
||
| 87 | return true; |
||
| 88 | } |
||
| 89 | } |
||
| 90 | } |
||
| 91 | |||
| 92 | // user information (uid and can be banned) |
||
| 93 | if ($xoops->isUser()) { |
||
| 94 | $uid = $xoops->user->getVar('uid'); |
||
| 95 | $can_ban = count(@array_intersect($xoops->user->getGroups(), @unserialize(@$conf['bip_except']))) ? false : true; |
||
| 96 | } else { |
||
| 97 | // login failed check |
||
| 98 | if ((!empty($_POST['uname']) && !empty($_POST['pass'])) || (!empty($_COOKIE['autologin_uname']) && !empty($_COOKIE['autologin_pass']))) { |
||
| 99 | $protector->check_brute_force(); |
||
| 100 | } |
||
| 101 | $uid = 0; |
||
| 102 | $can_ban = true; |
||
| 103 | } |
||
| 104 | // CHECK for spammers IPS/EMAILS during POST Actions |
||
| 105 | if (@$conf['stopforumspam_action'] !== 'none') { |
||
| 106 | $protector->stopforumspam($uid); |
||
| 107 | } |
||
| 108 | |||
| 109 | // If precheck has already judged that he should be banned |
||
| 110 | if ($can_ban && $protector->_should_be_banned) { |
||
| 111 | $protector->register_bad_ips(); |
||
| 112 | } else { |
||
| 113 | if ($can_ban && $protector->_should_be_banned_time0) { |
||
| 114 | $protector->register_bad_ips(time() + $protector->_conf['banip_time0']); |
||
| 115 | } |
||
| 116 | } |
||
| 117 | |||
| 118 | // DOS/CRAWLER skipping based on 'dirname' or getcwd() |
||
| 119 | $dos_skipping = false; |
||
| 120 | $skip_dirnames = explode('|', @$conf['dos_skipmodules']); |
||
| 121 | if (!is_array($skip_dirnames)) { |
||
| 122 | $skip_dirnames = array(); |
||
| 123 | } |
||
| 124 | if ($xoops->isModule()) { |
||
| 125 | if (in_array($xoops->module->getVar('dirname'), $skip_dirnames)) { |
||
| 126 | $dos_skipping = true; |
||
| 127 | } |
||
| 128 | } else { |
||
| 129 | foreach ($skip_dirnames as $skip_dirname) { |
||
| 130 | if ($skip_dirname && strstr(getcwd(), $skip_dirname)) { |
||
| 131 | $dos_skipping = true; |
||
| 132 | break; |
||
| 133 | } |
||
| 134 | } |
||
| 135 | } |
||
| 136 | |||
| 137 | // module can controll DoS skipping |
||
| 138 | if (defined('PROTECTOR_SKIP_DOS_CHECK')) { |
||
| 139 | $dos_skipping = true; |
||
| 140 | } |
||
| 141 | |||
| 142 | // DoS Attack |
||
| 143 | if (empty($dos_skipping) && !$protector->check_dos_attack($uid, $can_ban)) { |
||
| 144 | $protector->output_log($protector->last_error_type, $uid, true, 16); |
||
| 145 | } |
||
| 146 | |||
| 147 | // check session hi-jacking |
||
| 148 | $ips = explode('.', @$_SESSION['protector_last_ip']); |
||
| 149 | $protector_last_numip = @$ips[0] * 0x1000000 + @$ips[1] * 0x10000 + @$ips[2] * 0x100 + @$ips[3]; |
||
| 150 | $ips = explode('.', $_SERVER['REMOTE_ADDR']); |
||
| 151 | $remote_numip = @$ips[0] * 0x1000000 + @$ips[1] * 0x10000 + @$ips[2] * 0x100 + @$ips[3]; |
||
| 152 | $shift = 32 - @$conf['session_fixed_topbit']; |
||
| 153 | if ($shift < 32 && $shift >= 0 && !empty($_SESSION['protector_last_ip']) && $protector_last_numip >> $shift != $remote_numip >> $shift) { |
||
| 154 | if ($xoops->isUser() && count(array_intersect($xoops->user->getGroups(), unserialize($conf['groups_denyipmove'])))) { |
||
| 155 | $protector->purge(true); |
||
| 156 | } |
||
| 157 | } |
||
| 158 | $_SESSION['protector_last_ip'] = $_SERVER['REMOTE_ADDR']; |
||
| 159 | |||
| 160 | // SQL Injection "Isolated /*" |
||
| 161 | if (!$protector->check_sql_isolatedcommentin(@$conf['isocom_action'] & 1)) { |
||
| 162 | if (($conf['isocom_action'] & 8) && $can_ban) { |
||
| 163 | $protector->register_bad_ips(); |
||
| 164 | } else { |
||
| 165 | if (($conf['isocom_action'] & 4) && $can_ban) { |
||
| 166 | $protector->register_bad_ips(time() + $protector->_conf['banip_time0']); |
||
| 167 | } |
||
| 168 | } |
||
| 169 | $protector->output_log('ISOCOM', $uid, true, 32); |
||
| 170 | if ($conf['isocom_action'] & 2) { |
||
| 171 | $protector->purge(); |
||
| 172 | } |
||
| 173 | } |
||
| 174 | |||
| 175 | // SQL Injection "UNION" |
||
| 176 | if (!$protector->check_sql_union(@$conf['union_action'] & 1)) { |
||
| 177 | if (($conf['union_action'] & 8) && $can_ban) { |
||
| 178 | $protector->register_bad_ips(); |
||
| 179 | } else { |
||
| 180 | if (($conf['union_action'] & 4) && $can_ban) { |
||
| 181 | $protector->register_bad_ips(time() + $protector->_conf['banip_time0']); |
||
| 182 | } |
||
| 183 | } |
||
| 184 | $protector->output_log('UNION', $uid, true, 32); |
||
| 185 | if ($conf['union_action'] & 2) { |
||
| 186 | $protector->purge(); |
||
| 187 | } |
||
| 188 | } |
||
| 189 | |||
| 190 | if (!empty($_POST)) { |
||
| 191 | // SPAM Check |
||
| 192 | if ($xoops->isUser()) { |
||
| 193 | if (!$xoops->user->isAdmin() && $conf['spamcount_uri4user']) { |
||
| 194 | $protector->spam_check((int)($conf['spamcount_uri4user']), $xoops->user->getVar('uid')); |
||
| 195 | } |
||
| 196 | } else { |
||
| 197 | if ($conf['spamcount_uri4guest']) { |
||
| 198 | |||
| 199 | $protector->spam_check((int)($conf['spamcount_uri4guest']), 0); |
||
| 200 | } |
||
| 201 | } |
||
| 202 | |||
| 203 | // filter plugins for POST on postcommon stage |
||
| 204 | $protector->call_filter('postcommon_post'); |
||
| 205 | } |
||
| 206 | |||
| 207 | // register.php Protection |
||
| 208 | if ($_SERVER['SCRIPT_FILENAME'] == \XoopsBaseConfig::get('root-path') . '/register.php') { |
||
| 209 | $protector->call_filter('postcommon_register'); |
||
| 210 | } |
||
| 211 | |||
| 212 | return true; |
||
| 213 | } |
||
| 214 |
Loading history...
In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.