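////////////////////////////////////////////////////////////////////////////////
// Last modified 09/nov/2012 by cassio@ime.usp.br
require_once('db.php');
define("dbcompat_1_4_1",true);

/**
 * array_walk_recursive() callback that normalises one request value in place.
 *
 * Non-array items have the effect of 'magic_quotes_gpc = On' undone (when the
 * directive is active) and are then passed through sanitizeText().
 *
 * @param mixed $item value being walked; modified by reference
 * @param mixed $key  key of the value (unused, required by the callback signature)
 */
function sanitizeVariables(&$item, $key)
{
    if (is_array($item)) {
        return;
    }
    // get_magic_quotes_gpc() was removed in PHP 8.0; probe for it so this
    // callback does not end in a fatal "undefined function" error there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // NOTE(review): stripcslashes() also decodes C-style escapes (\n, \x41, ...);
        // stripslashes() is the usual inverse of magic quotes - confirm intent.
        $item = stripcslashes($item);
    }
    $item = sanitizeText($item);
}

/**
 * Builds the query string of a file-download link.
 *
 * The file name is passed through encryptData() with session_id() . $cf['key']
 * as key material, and a check value is computed with myhash() over
 * oid, file name, message, session id and the configured key.
 *
 * NOTE(review): the check input is a plain concatenation without separators,
 * so different (oid, filename, msg) splits of the same characters produce the
 * same input; any change has to be made together with the code that verifies
 * "check", which is not part of this listing.
 * NOTE(review): $oid and the check value are inserted without URL-encoding -
 * presumably both are URL-safe; confirm against the callers and myhash().
 *
 * @param mixed  $oid   object id placed in the "oid" parameter
 * @param string $fname file name, sent encrypted in the "filename" parameter
 * @param string $msg   optional message, appended as "msg" when not empty
 * @return string query string without the leading "?"
 */
function filedownload($oid,$fname,$msg='')
{
    $cf = globalconf();
    $if = rawurlencode(encryptData($fname, session_id() . $cf['key'],false));
    $p = myhash($oid . $fname . $msg . session_id() . $cf["key"]);
    $str = "oid=". $oid . "&filename=". $if . "&check=" . $p;
    if($msg != '') {
        $str .= "&msg=" . rawurlencode($msg);
    }
    return $str;
}

/**
 * Removes a directory (its files plus one level of sub-directories) or a
 * single file.
 *
 * Only the files directly inside each first-level sub-directory are removed;
 * deeper levels are left alone, in which case the rmdir() calls fail silently.
 *
 * With $secure set, every regular file is overwritten with 100000 'X' bytes
 * before it is unlinked. file_put_contents() truncates the file first, so this
 * is a best-effort measure only: it does not guarantee that the original data
 * blocks are overwritten (journaling or copy-on-write filesystems, SSDs).
 *
 * Symbolic links found inside the directory are removed as links; they are
 * neither overwritten nor descended into, so nothing outside $dir is touched
 * through them.
 *
 * @param string $dir    directory or file to remove
 * @param bool   $cddir  when true, change the working directory to the parent
 *                       of $dir first
 * @param bool   $secure when true, overwrite file contents before unlinking
 * @return void
 */
function cleardir($dir,$cddir=true,$secure=false)
{
    // Payload for the optional overwrite; built once instead of once per file.
    $wipe = $secure ? str_repeat('XXXXXXXXXX',10000) : '';

    if(!is_dir($dir)) {
        if($secure) file_put_contents($dir, $wipe);
        @unlink($dir);
        return;
    }

    $ds = DIRECTORY_SEPARATOR;
    if($ds=="") $ds = "/";
    if($cddir) {
        @chdir($dir);
        @chdir('..');
    }

    $d = @opendir($dir);
    // A failed opendir() must not reach readdir(): on old PHP versions
    // readdir(false) yields NULL, which never compares identical to false and
    // would keep the loop running forever.
    if($d !== false) {
        while (($file = readdir($d)) !== false) {
            $path = $dir . $ds . $file;
            if(is_link($path)) {
                // Remove the link itself; never write to or walk its target.
                @unlink($path);
            } else if(!is_dir($path)) {
                if($secure) file_put_contents($path, $wipe);
                @unlink($path);
            } else if($file != '.' && $file != '..') {
                $d1 = @opendir($path);
                if($d1 !== false) {
                    while (($file1 = readdir($d1)) !== false) {
                        $path1 = $path . $ds . $file1;
                        if(is_link($path1)) {
                            @unlink($path1);
                        } else if(!is_dir($path1)) {
                            if($secure) file_put_contents($path1, $wipe);
                            @unlink($path1);
                        }
                    }
                    // Release the handle before rmdir(); the original leaked it.
                    closedir($d1);
                }
                @rmdir($path);
            }
        }
        closedir($d);
    }
    @rmdir($dir);
}

/**
 * Generates a random string drawn from the given alphabet.
 *
 * Uses random_int() (OS CSPRNG, PHP 7+) when the runtime provides it. On older
 * runtimes it falls back to mt_rand(), whose output is predictable: values
 * produced there must not be used as passwords, tokens or keys.
 *
 * @param int    $len  number of characters to produce
 * @param string $from alphabet to draw from (single-byte characters)
 * @return string random string; '' when $len <= 0 or $from is empty
 */
function randstr($len=8,$from='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')
{
    $fromlen = strlen($from);
    // An empty alphabet cannot yield characters; also avoids an invalid
    // (0, -1) range being handed to the random source.
    if($fromlen < 1) {
        return '';
    }
    $usecsprng = function_exists('random_int');
    $str = '';
    while($len > 0) {
        $pos = $usecsprng ? random_int(0, $fromlen-1) : mt_rand(0, $fromlen-1);
        $str .= substr($from, $pos, 1);
        $len--;
    }
    return $str;
}

/**
 * Escapes text through sanitizeText() without touching '&'.
 *
 * Despite the name this is not PHP's htmlspecialchars(): sanitizeText() also
 * applies addslashes() to the result.
 *
 * @param string $text text to escape
 * @return string escaped text
 */
function myhtmlspecialchars($text)
{
    return sanitizeText($text,false);
}

// does the actual 'html' and 'sql' sanitization.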
// Escapes one string for HTML output and for SQL in a single step.
// Replaces & (only when $doamp is true), <, >, ", ' and ` with str_replace(),
// then runs addslashes() on the result and returns it.
// NOTE(review): as shown here every replacement string equals its search
// string, and the one for the double quote is not valid PHP. This looks like
// HTML entities that were decoded when the page was extracted - confirm
// against the original file before relying on this listing.
// NOTE(review): addslashes() knows nothing about the database connection or
// its character set; it does not replace the driver's own escaping or
// parameterised queries - confirm how callers build their SQL.
function sanitizeText($text, $doamp=true) {
    if($doamp)
        $text = str_replace("&", "&", $text);
    $text = str_replace("<", "<", $text);
    $text = str_replace(">", ">", $text);
    $text = str_replace("\"", """, $text);
    $text = str_replace("'", "'", $text);
    $text = str_replace("`", "`", $text);
    //$text = escape_string($text);
    $text = addslashes($text);
    return $text;
}

// Runs at include time: every value in these four superglobals is rewritten in
// place by sanitizeVariables(). Array keys are not passed through the
// sanitizer (only $item is modified), and $_REQUEST and $_SERVER are not
// walked here.
array_walk_recursive($_FILES, 'sanitizeVariables');
array_walk_recursive($_POST, 'sanitizeVariables');
array_walk_recursive($_GET, 'sanitizeVariables');
array_walk_recursive($_COOKIE, 'sanitizeVariables');

// Name of the calling function: concatenates the 'function' entry of the first
// $num backtrace frames, each prefixed with a space; returns 'undef' when no
// frame provided one.
// The version checks pick a debug_backtrace() call form per PHP version.
// NOTE(review): strcmp() compares the version strings character by character
// ('5.10.0' sorts before '5.3.6'); version_compare() is the numeric-aware
// comparison.
function getFunctionName($num=2) {
    if(strcmp(phpversion(),'5.3.6')<0) {
        $backtrace = debug_backtrace();
    } else {
        if(strcmp(phpversion(),'5.4.0')<0)
            $backtrace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT);
        else
            $backtrace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT,$num+5);
    }
    $ret = '';
    for($i=0; $i<$num; $i++)
        if(isset($backtrace[$i]) && isset($backtrace[$i]['function']))
            $ret .= " " . $backtrace[$i]['function'];
    if($ret =='') $ret='undef';
    return $ret;
}

// Returns the client address as a string, or "UNKNOWN" when REMOTE_ADDR is not
// set.
// When the constant dbcompat_1_4_1 is defined and true (this file defines it
// as true near its top), REMOTE_ADDR is returned as is and nothing below that
// check runs.
// Otherwise the first comma-separated entry of several proxy-related headers
// is appended after ';' and the whole string goes through sanitizeText().
// NOTE(review): X-Forwarded-For, Client-IP and the other headers read here are
// supplied by the client unless a trusted proxy overwrites them; only
// REMOTE_ADDR comes from the connection itself, so the appended parts are
// suitable for logging, not for access decisions.
// NOTE(review): $ip1a is only assigned inside the HTTP_X_CLIENTIP branch but is
// also read in the HTTP_CLIENT_IP branch, where it may be undefined.
function getIP() {
    if (getenv("REMOTE_ADDR"))
        $ip = getenv("REMOTE_ADDR");
    else
        return "UNKNOWN";
    if(defined("dbcompat_1_4_1") && dbcompat_1_4_1==true)
        return $ip;
    $ip1='';
    if (getenv("HTTP_X_FORWARDED_FOR")) {
        $ip1 = getenv("HTTP_X_FORWARDED_FOR");
        $ip1 = strtok ($ip1, ",");
        if($ip1 != $ip) $ip .= ';' . $ip1;
    }
    if (getenv("HTTP_X_CLIENTIP")) {
        $ip1a = getenv("HTTP_X_CLIENTIP");
        $ip1a = strtok ($ip1a, ",");
        if($ip1a != $ip1 && $ip1a != getenv("REMOTE_ADDR")) $ip .= ';' . $ip1a;
    }
    if (getenv("HTTP_CLIENT_IP")) {
        $ip2 = getenv("HTTP_CLIENT_IP");
        $ip2 = strtok ($ip2, ",");
        if($ip2 != $ip1a && $ip1 != $ip2 && $ip2 != getenv("REMOTE_ADDR")) $ip .= ';' . $ip2;
    } else {
        if (getenv('HTTP_X_FORWARDED')) {
            $ip .= ';' . getenv('HTTP_X_FORWARDED');
        } else {
            if (getenv('HTTP_FORWARDED')) {
                $ip .= ';' . getenv('HTTP_FORWARDED');
            }
        }
    }
    return sanitizeText($ip);
}

// Returns the client's IP and hostname.
// NOTE(review): the listing is damaged from the loop condition onwards: the
// text after "$ipn" up to the tail of a later function that echoes an alert()
// with $msg appears to have been lost in extraction (stripped as if it were an
// HTML tag). The lines are kept exactly as found and are not valid PHP;
// restore them from the original file.
function getIPHost() {
    $ips = explode(';',getIP());
    $s='';
    for($ipn=0;$ipn\n";
    echo "alert('". $msg . "');\n";
    echo "\n";
}

// Emits a script that goes back to the given screen, then stops the request.
// NOTE(review): only the trailing newline of the echoed string is left in this
// listing and $where is not used in it - the script markup was presumably
// stripped in extraction. How $where is placed into the output cannot be
// checked from here; confirm it is escaped for the context it lands in.
function ForceLoad($where) {
    echo "\n";
    exit;
}

// Echoes its output and stops the request.
// NOTE(review): as in ForceLoad(), the echoed markup appears to be missing
// from this listing.
function ForceClose() {
    echo "\n";
    exit;
}

/**
 * Compare an IP address to network(s)
 *
 * The network(s) argument may be an array or a comma-separated string. Each
 * entry is "address", "address/prefix-length" or either form prefixed with
 * "!" (negated). Entries are evaluated in order and the function returns true
 * at the first entry that evaluates true:
 *  - a plain entry is true when the IP lies inside the network;
 *  - a negated entry is true when the IP lies outside the network.
 * If no entry evaluates true the result is false.
 *
 * Sample:
 *    match_network ("192.168.1.0/24", "192.168.1.1") -> true
 *
 * NOTE(review): the description this comment was taken from talks about a
 * third parameter and about negative rules having absolute priority. The body
 * below takes two parameters and implements neither: a later "!" entry cannot
 * veto an earlier positive match, and a "!" entry on its own admits every
 * address outside that network. Do not read the list as allow/deny rules
 * without checking this.
 * NOTE(review): ip2long() returns false for a malformed address; false is then
 * used in the bitwise AND as 0, so a malformed $ip compares equal to any entry
 * whose masked network is 0. The netmask test compares long2ip($x) with an
 * integer, so a dotted netmask such as "255.255.255.0" does not appear to take
 * the $x branch - verify before using that form. An entry without "/" reads
 * $ip_arr[1] although it is not set.
 *
 * @param mixed Network(s) to match: array, or comma-separated string
 * @param string IP address
 * @return bool true at the first entry that evaluates true, false otherwise
 * @see http://php.benscom.com/manual/en/function.ip2long.php#56373
 */
function match_network ($nets, $ip) {
    if (!is_array ($nets)) $nets = explode(",",$nets);
    foreach ($nets as $net) {
        $net = trim($net);
        // a leading "!" marks a negated entry; it is stripped before parsing
        $rev = (preg_match ("/^\!/", $net)) ? true : false;
        $net = preg_replace ("/^\!/", "", $net);
        $ip_arr = explode('/', $net);
        $net_long = ip2long(trim($ip_arr[0]));
        if(trim($ip_arr[1]) != '') {
            $x = ip2long(trim($ip_arr[1]));
            // prefix length -> shift an all-ones value left by (32 - length)
            $mask = long2ip($x) == ((int) trim($ip_arr[1])) ? $x : 0xffffffff << (32 - ((int) trim($ip_arr[1])));
        } else {
            // no "/" part: compare all 32 bits
            $mask=0xffffffff;
        }
        $ip_long = ip2long($ip);
        if ($rev) {
            if (($ip_long & $mask) != ($net_long & $mask)) return true;
        } else {
            if (($ip_long & $mask) == ($net_long & $mask)) return true;
        }
    }
    return false;
}
// eof
?>