makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-07 20:08:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

Various changes to further combat the idiots and dickheads out there using daddy's computer

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4882 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2004-04-21 12:18:02 +00:00
parent 4f034fdff2
commit e8e0ef46ed
1 changed files with 42 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
phpBB/common.php
View file

@ -8,7 +8,6 @@
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
@ -25,9 +24,44 @@ if ( !defined('IN_PHPBB') )
die("Hacking attempt");
}
//
function unset_vars(&$var)
{
while (list($var_name, $null) = @each($var))
{
unset($GLOBALS[$var_name]);
}
return;
}
//
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = (phpversion() >= '4.3.0') ? '' : 'HTTP';
$var_suffix = (phpversion() >= '4.3.0') ? '' : '_VARS';
if(is_array(${$var_prefix . '_GET' . $var_suffix}))
{
unset_vars(${$var_prefix . '_GET' . $var_suffix});
}
if(is_array(${$var_prefix . '_POST' . $var_suffix}))
{
unset_vars(${$var_prefix . '_POST' . $var_suffix});
}
if(is_array(${$var_prefix . '_COOKIE' . $var_suffix}))
{
unset_vars(${$var_prefix . '_COOKIE' . $var_suffix});
}
}
//
// addslashes to vars if magic_quotes_gpc is off
// this is a security precaution to prevent someone
@ -106,6 +140,7 @@ $userdata = array();
$theme = array();
$images = array();
$lang = array();
$nav_links = array();
$gen_simple_header = FALSE;
include($phpbb_root_path . 'config.'.$phpEx);
@ -126,32 +161,12 @@ include($phpbb_root_path . 'includes/db.'.$phpEx);
//
// Obtain and encode users IP
//
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
$entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
reset($entries);
while (list(, $entry) = each($entries))
{
$entry = trim($entry);
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
{
$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
if ($client_ip != $found_ip)
{
$client_ip = $found_ip;
break;
}
}
}
}
else
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
}
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ... :)
//
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
$user_ip = encode_ip($client_ip);
//