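makeOption( 1, 'Yes' ) ); patHTML::radioSet( $tmpl, $template, $name, $value, $a, $varname ); } }

/**
 * Derives a site-specific hash from a seed string.
 *
 * The result is md5( site secret . md5( seed ) ), where the site secret is
 * read from $GLOBALS['mosConfig_secret'].
 *
 * NOTE(review): this is nested MD5 keyed by prefixing the secret, not an HMAC.
 * hash_hmac() with SHA-256 would be the sturdier construction, but changing
 * the output changes every value derived from it (josSpoofValue() in this
 * file, and possibly values persisted elsewhere), so confirm the callers
 * before migrating.
 *
 * @param string $seed Seed string
 * @return string 32-character hexadecimal digest
 */
function mosHash( $seed ) {
    return md5( $GLOBALS['mosConfig_secret'] . md5( $seed ) );
}

/**
 * Prints the current call stack as "file:line" entries.
 *
 * The configured absolute path is stripped from each file name, so only
 * site-relative paths are printed. The output still reveals the layout of the
 * code base, so this belongs in debugging paths only.
 *
 * NOTE(review): in this copy the echoed literals hold only a line break; any
 * wrapping HTML markup appears to have been lost. Confirm against the
 * original file.
 *
 * @since 1.0.5
 */
function mosBackTrace() {
    if (!function_exists( 'debug_backtrace' )) {
        return;
    }

    echo "\n";
    foreach (debug_backtrace() as $frame) {
        // Frames without a file entry are skipped; !empty() gives the same
        // truthiness test as the former @-suppressed read, without the
        // error-suppression operator.
        if (!empty( $frame['file'] )) {
            echo "\n" . str_replace( $GLOBALS['mosConfig_absolute_path'], '', $frame['file'] ) . ':' . $frame['line'];
        }
    }
    echo "\n";
}

/**
 * Rejects form submissions that fail the anti-spoofing checks.
 *
 * A request passes only when all of the following hold:
 *  - $_POST contains a field whose NAME is the current josSpoofValue( $alt ),
 *    with a truthy value;
 *  - the request carries a User-Agent header;
 *  - the request method is POST;
 *  - when $header is truthy, no POSTed value contains a mail-header keyword.
 *
 * On failure a 403 status line is sent and mosErrorAlert( _NOT_AUTH ) is called.
 *
 * @param mixed $header Truthy to screen every POSTed value for mail-header keywords
 * @param mixed $alt    Passed through to josSpoofValue() to select the token variant
 * @return void
 */
function josSpoofCheck( $header=null, $alt=null ) {
    $validate = mosGetParam( $_POST, josSpoofValue( $alt ), 0 );

    // Token field missing or empty: probably a spoofing attack
    if (!$validate) {
        header( 'HTTP/1.0 403 Forbidden' );
        mosErrorAlert( _NOT_AUTH );
        return;
    }

    // First, make sure the form was posted from a browser.
    // For basic web-forms, we don't care about anything
    // other than requests from a browser.
    // The User-Agent header is client-supplied, so this only filters out
    // clients that send none at all.
    if (!isset( $_SERVER['HTTP_USER_AGENT'] )) {
        header( 'HTTP/1.0 403 Forbidden' );
        mosErrorAlert( _NOT_AUTH );
        return;
    }

    // Make sure the form was indeed POST'ed:
    // (requires your html form to use: method="post")
    // The method is compared directly. The earlier form of this test,
    // !$_SERVER['REQUEST_METHOD'] == 'POST', negated the string before the
    // comparison and therefore let non-POST methods through.
    if (!isset( $_SERVER['REQUEST_METHOD'] ) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        header( 'HTTP/1.0 403 Forbidden' );
        mosErrorAlert( _NOT_AUTH );
        return;
    }

    if ($header) {
        // Attempt to defend against header injections:
        $badStrings = array(
            'Content-Type:',
            'MIME-Version:',
            'Content-Transfer-Encoding:',
            'bcc:',
            'cc:'
        );

        // Test every POST'ed value, nested arrays included, for one of the
        // $badStrings:
        _josSpoofCheck( $_POST, $badStrings );
    }
}

/**
 * Recursively screens values for mail-header keywords.
 *
 * Sends a 403 status line, calls mosErrorAlert( _NOT_AUTH ) and exits as soon
 * as one value contains one of $badStrings (case-insensitive match).
 *
 * NOTE(review): this is a keyword blocklist. It does not look for bare CR/LF
 * characters, so code that places POSTed values into mail headers should also
 * strip line breaks from those specific fields. Array keys are not inspected.
 *
 * @param array $array      Values to inspect; nested arrays are walked
 * @param array $badStrings Substrings that cause the request to be rejected
 * @return void
 */
function _josSpoofCheck( $array, $badStrings ) {
    foreach ($array as $value) {
        if (is_array( $value )) {
            _josSpoofCheck( $value, $badStrings );
            continue;
        }

        foreach ($badStrings as $needle) {
            if (stripos( $value, $needle ) !== false) {
                header( 'HTTP/1.0 403 Forbidden' );
                mosErrorAlert( _NOT_AUTH );
                exit(); // mosErrorAlert dies anyway, double check just to make sure
            }
        }
    }
}

/**
 * Method to determine a hash for anti-spoofing variable names
 *
 * The name is 'j' followed by mosHash() of the configured 'db' value
 * concatenated with a date string:
 *  - no $alt:   date( 'dmY' )
 *  - $alt == 1: date( 'Ymd' )
 *  - otherwise: $alt . date( 'Ymd' )
 *
 * NOTE(review): the inputs are the site secret, the 'db' setting, the server
 * date and $alt. Nothing ties the value to a session or user, so on a given
 * day every visitor receives the same field name for the same $alt; the value
 * also changes at midnight, which invalidates forms left open across the date
 * change. A per-session random token would give stronger request-forgery
 * protection.
 *
 * @param mixed $alt Optional variant selector, see above
 * @return string Hashed var name
 */
function josSpoofValue($alt=null) {
    global $mainframe;

    if (!$alt) {
        $random = date( 'dmY' );
    } elseif ($alt == 1) {
        $random = date( 'Ymd' );
    } else {
        $random = $alt . date( 'Ymd' );
    }

    // the prefix ensures that the hash is non-numeric
    // otherwise it will be intercepted by globals.php
    return 'j' . mosHash( $mainframe->getCfg( 'db' ) . $random );
}

/**
 * A simple helper function to salt and hash a clear-text password.
 *
 * The stored form is md5( password . salt ) . ':' . salt, with the salt
 * obtained from mosMakePassword( 16 ).
 *
 * NOTE(review): MD5 is a fast digest and a single salted round offers little
 * resistance to offline guessing once the stored value leaks. The format is
 * left unchanged here because the code that verifies it is outside this
 * block; on PHP 5.5+ the usual migration is password_hash() and
 * password_verify(), re-hashing each account at its next successful login.
 * The quality of the salt depends on mosMakePassword(), which is not visible
 * here.
 *
 * @since 1.0.13
 * @param string $password A plain-text password
 * @return string An md5 hashed password with salt, as "hash:salt"
 */
function josHashPassword($password) {
    // Salt and hash the password
    $salt = mosMakePassword( 16 );

    return md5( $password . $salt ) . ':' . $salt;
}

// ----- NO MORE CLASSES OR FUNCTIONS PAST THIS POINT -----
// Post class declaration initialisations
// some versions of PHP don't allow the instantiation of classes
// before they are defined

/** @global mosPlugin $_MAMBOTS */
$_MAMBOTS = new mosMambotHandler();
?>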


12-Mai-2008
Marinha Grande 10 Anos
