2 | daniel-mar | 1 | <?php |
2 | |||
3 | // ------------------------------------------------------------------------------- |
||
4 | // | net2ftp: a web based FTP client | |
||
5 | // | Copyright (c) 2003-2007 by David Gartner | |
||
6 | // | | |
||
7 | // | This program is free software; you can redistribute it and/or | |
||
8 | // | modify it under the terms of the GNU General Public License | |
||
9 | // | as published by the Free Software Foundation; either version 2 | |
||
10 | // | of the License, or (at your option) any later version. | |
||
11 | // | | |
||
12 | // ------------------------------------------------------------------------------- |
||
13 | |||
14 | // Make sure this file is included by net2ftp, not accessed directly |
||
// Guard against direct requests: this file is only meaningful when included
// by net2ftp, which defines NET2FTP first.
if (!defined("NET2FTP")) {
    die("Direct access to this location is not allowed.");
}
||
16 | |||
17 | // ------------------------------------------------------------------------- |
||
18 | // Overview of the code |
||
19 | // 1 Replace \' by ' (remove_magic_quotes) |
||
20 | // 2 Start the session |
||
21 | // 3 Register $_SERVER variables |
||
22 | // 4.1 Register main variables - POST method |
||
23 | // 4.2 Register main variables - GET method |
||
24 | // 5.1 Delete the session data when logging out |
||
25 | // 5.2 Redirect to login_small if session has expired |
||
26 | // 6 Register $_COOKIE variables |
||
27 | // 7 Determine the browser agent, version and platform |
||
28 | // ------------------------------------------------------------------------- |
||
29 | |||
30 | // ------------------------------------------------------------------------- |
||
31 | // 1 When a variable is submitted, quotes ' are replaced by backslash-quotes \' |
||
32 | // This function removes the extra backslash that is added |
||
33 | // ------------------------------------------------------------------------- |
||
// With magic_quotes_gpc on, submitted quotes arrive as \' and \"; strip the
// extra backslash from each input array once.
if (get_magic_quotes_gpc()) {
    remove_magic_quotes($_POST);
    remove_magic_quotes($_GET);
    remove_magic_quotes($_COOKIE);
}

// $GLOBALS is deliberately left alone: it aliases the arrays above, so a
// second pass would un-escape the values twice.
||
42 | |||
43 | |||
44 | // ------------------------------------------------------------------------- |
||
45 | // 2 Start the session |
||
46 | // ------------------------------------------------------------------------- |
||
47 | |||
// Sessions are mandatory. Without the session extension, record the error
// in $net2ftp_result, log it and leave this include early.
if (!function_exists("session_name")) {
    $net2ftp_result["success"] = false;
    $net2ftp_result["error_message"] = "Sessions are not supported on this server.";
    $net2ftp_result["debug_backtrace"] = debug_backtrace();
    logError();
    return false;
}
||
55 | |||
56 | |||
57 | |||
58 | |||
3 | daniel-mar | 59 | // Personal WebBase: Auskommentierung |
2 | daniel-mar | 60 | |
61 | /* |
||
62 | |||
63 | // PMA - Cookies are safer |
||
64 | ini_set("session.use_cookies", true); |
||
65 | |||
66 | // PMA - but not all user allow cookies |
||
67 | ini_set("session.use_only_cookies", false); |
||
68 | ini_set("session.use_trans_sid", true); |
||
69 | |||
70 | // PMA - Delete session/cookies when browser is closed |
||
71 | ini_set("session.cookie_lifetime", 0); |
||
72 | |||
73 | // PMA - Warn but dont work with bug |
||
74 | ini_set("session.bug_compat_42", false); |
||
75 | ini_set("session.bug_compat_warn", true); |
||
76 | |||
77 | // PMA - Use more secure session ids (with PHP 5) |
||
78 | if (version_compare(PHP_VERSION, "5.0.0", "ge") && substr(PHP_OS, 0, 3) != "WIN") { |
||
79 | ini_set("session.hash_function", 1); |
||
80 | ini_set("session.hash_bits_per_character", 6); |
||
81 | } |
||
82 | |||
83 | // PMA - [2006-01-25] Nicola Asuni - www.tecnick.com: maybe the PHP directive |
||
84 | // session.save_handler is set to another value like "user" |
||
85 | ini_set("session.save_handler", "files"); |
||
86 | |||
87 | // Start the session |
||
88 | // PMA - On some servers (for example, sourceforge.net), we get a permission error on the session data directory, so prefix with @ |
||
89 | @session_start(); |
||
90 | |||
91 | // Check if the session ID and the IP address have changed |
||
92 | if (isset($_SESSION["net2ftp_session_id_new"]) == true) { $_SESSION["net2ftp_session_id_old"] = $_SESSION["net2ftp_session_id_new"]; } |
||
93 | else { $_SESSION["net2ftp_session_id_old"] = ""; } |
||
94 | if (isset($_SESSION["net2ftp_remote_addr_new"]) == true) { $_SESSION["net2ftp_remote_addr_old"] = $_SESSION["net2ftp_remote_addr_new"]; } |
||
95 | else { $_SESSION["net2ftp_remote_addr_old"] = ""; } |
||
96 | $_SESSION["net2ftp_session_id_new"] = session_id(); |
||
97 | $_SESSION["net2ftp_remote_addr_new"] = $_SERVER["REMOTE_ADDR"]; |
||
98 | |||
99 | */ |
||
100 | |||
101 | |||
102 | |||
103 | |||
104 | |||
105 | |||
106 | |||
107 | |||
108 | |||
109 | |||
110 | |||
111 | |||
112 | |||
113 | |||
3 | daniel-mar | 114 | // Personal WebBase-Spezifischer Session-Abschnitt |
2 | daniel-mar | 115 | |
116 | |||
117 | |||
118 | // http://de3.php.net/md5: Alexander Valyalkin |
||
119 | |||
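/**
 * Return $iv_len random bytes, used by ib_encrypt() as the per-message IV.
 *
 * random_bytes() (a CSPRNG, PHP >= 7) is used when it exists; on older
 * interpreters, or if no entropy source is available, the original
 * mt_rand()-based loop is kept as a fallback. mt_rand() is not
 * cryptographically strong, so the fallback only preserves legacy behaviour.
 *
 * @param int $iv_len number of bytes wanted; 0 or a negative value yields ''
 * @return string binary string of exactly max($iv_len, 0) bytes
 */
function get_rnd_iv($iv_len)
{
    // Cast first: the original "$iv_len-- > 0" loop never terminates for a
    // non-numeric string on PHP 8 (string/int comparison is lexical there).
    $iv_len = (int) $iv_len;
    if ($iv_len <= 0) {
        return '';
    }

    if (function_exists('random_bytes')) {
        try {
            return random_bytes($iv_len);
        } catch (Exception $e) {
            // No usable entropy source: fall through to the legacy generator.
        }
    }

    $iv = '';
    for ($i = 0; $i < $iv_len; $i++) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
}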
||
128 | |||
/**
 * Encrypt $plain_text under $password for storage in the sessions table.
 *
 * Layout of the result (before base64): a random $iv_len-byte IV followed by
 * the message, which is terminated with "\x13" and zero-padded to a multiple
 * of 16 bytes. Each 16-byte block is XORed with md5() of a rolling state that
 * starts as (password XOR IV) and absorbs every ciphertext block produced.
 *
 * NOTE(review): this is a home-grown md5-keystream construction with no
 * authentication tag, so ib_decrypt() cannot detect a modified value. It is
 * left unchanged because the stored session data depends on this format.
 *
 * @param string $plain_text
 * @param string $password  shared secret (the caller uses the DB credentials)
 * @param int    $iv_len    IV length in bytes; must match ib_decrypt()
 * @return string base64-encoded IV . ciphertext
 */
function ib_encrypt($plain_text, $password, $iv_len = 16)
{
    // Terminator byte, then zero padding up to the next 16-byte boundary.
    // $len is taken before padding: the loop below still covers the padded
    // tail because it advances in 16-byte steps while below $len.
    $plain_text .= "\x13";
    $len = strlen($plain_text);
    $remainder = $len % 16;
    if ($remainder) {
        $plain_text .= str_repeat("\0", 16 - $remainder);
    }

    // The IV is transmitted in clear at the front of the output.
    $cipher_text = get_rnd_iv($iv_len);
    $state = substr($password ^ $cipher_text, 0, 512);

    for ($offset = 0; $offset < $len; $offset += 16) {
        $block = substr($plain_text, $offset, 16) ^ md5($state, true);
        $cipher_text .= $block;
        // Fold the ciphertext block into the state for the next keystream block.
        $state = substr($block . $state, 0, 512) ^ $password;
    }

    return base64_encode($cipher_text);
}
||
145 | |||
/**
 * Reverse ib_encrypt(): strip the IV, regenerate the same md5 keystream and
 * XOR it back over the ciphertext, then drop the "\x13" terminator and the
 * zero padding.
 *
 * There is no integrity check; a corrupted or tampered input simply yields
 * garbage.
 *
 * @param string $enc_text  base64 string as produced by ib_encrypt()
 * @param string $password  the secret used for encryption
 * @param int    $iv_len    IV length used by ib_encrypt()
 * @return string recovered plain text
 */
function ib_decrypt($enc_text, $password, $iv_len = 16)
{
    $raw = base64_decode($enc_text);
    $len = strlen($raw);

    // Same initial state as the encryptor: password XOR the leading IV.
    $state = substr($password ^ substr($raw, 0, $iv_len), 0, 512);
    $plain = '';

    for ($offset = $iv_len; $offset < $len; $offset += 16) {
        $block = substr($raw, $offset, 16);
        $plain .= $block ^ md5($state, true);
        $state = substr($block . $state, 0, 512) ^ $password;
    }

    // Remove terminator + padding appended by ib_encrypt().
    return preg_replace('/\\x13\\x00*$/', '', $plain);
}
||
161 | |||
define('WBLEGAL', '1');
global $mysql_zugangsdaten;
// Personal WebBase configuration; expected to provide $mysql_zugangsdaten,
// $lock and $force_ssl.
include '../../../includes/config.inc.php';

// Refuse to run while the installer/updater holds the lock. The text is
// shown to the administrator and stays in German.
if (!empty($lock))
{
    die('<h1>Personal WebBase ist gesperrt</h1>Die Variable "$lock" in "includes/config.inc.php" steht auf 1 bzw. true. Setzen Sie diese Variable erst auf 0, wenn das Hochladen der Dateien beim Installations- bzw. Updateprozess beendet ist. Wenn Sie Personal WebBase freigeben, bevor der Upload abgeschlossen ist, kann es zu einer Beschädigung der Kundendatenbank kommen!');
}

// Session policy, applied in one pass below (insertion order is kept):
// cookies only (no IDs in URLs), secure flag when SSL is enforced, cookie
// discarded on browser close, 24 minute server-side lifetime.
// Previously also tried: session.auto_start=0, session.save_path=../../../includes/session/,
// arg_separator.output=&, url_rewriter.tags=... (all left disabled).
$wb_session_ini = array(
    'session.cache_expire'     => 180,
    'session.use_trans_sid'    => 0,
    'session.use_cookies'      => 1,
    'session.use_only_cookies' => 1,
);
if ($force_ssl) {
    $wb_session_ini['session.cookie_secure'] = 1;
}
$wb_session_ini['session.cookie_lifetime'] = 0;
$wb_session_ini['session.gc_maxlifetime']  = 1440;
$wb_session_ini['session.bug_compat_42']   = 0;
$wb_session_ini['session.bug_compat_warn'] = 1;
// Longer, SHA-1 based session IDs on PHP 5 outside Windows
if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN')
{
    $wb_session_ini['session.hash_function']           = 1;
    $wb_session_ini['session.hash_bits_per_character'] = 6;
}
// Storage is delegated to the sessao_* handlers registered further down
$wb_session_ini['session.save_handler'] = 'user';

foreach ($wb_session_ini as $wb_ini_name => $wb_ini_value) {
    @ini_set($wb_ini_name, $wb_ini_value);
}
unset($wb_session_ini, $wb_ini_name, $wb_ini_value);
// NOTE(review): session.cookie_httponly and session.use_strict_mode are not
// set in this file; confirm whether php.ini or config.inc.php covers them.

$ib_session_name = 'ironbase';

// Discard any session state left by an earlier include before the handlers
// are registered; errors from an inactive session are suppressed.
@session_unset();
@session_destroy();
||
195 | |||
196 | |||
197 | /* ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL", |
||
198 | 'LastUpdated', "datetime NOT NULL", |
||
199 | 'DataValue', "text"); */ |
||
200 | |||
/**
 * Session save-handler "open" callback.
 *
 * Runs garbage collection with the configured session.gc_maxlifetime on
 * every open; the path and name arguments are unused because storage is the
 * MySQL sessions table.
 *
 * @param string $aSavaPath    ignored
 * @param string $aSessionName ignored
 * @return bool always true
 */
function sessao_open($aSavaPath, $aSessionName)
{
    $max_lifetime = ini_get('session.gc_maxlifetime');
    sessao_gc($max_lifetime);
    return true;
}
||
206 | |||
/**
 * Session save-handler "close" callback.
 *
 * Nothing to release: every other handler opens and closes its own MySQL
 * connection.
 *
 * @return bool always true
 */
function sessao_close()
{
    return true;
}
||
211 | |||
/**
 * Session save-handler "read" callback: load and decrypt the data for $aKey.
 *
 * An unknown session ID gets an empty row inserted so that the later
 * sessao_write() UPDATE has something to hit. NOTE(review): PHP hands the
 * cookie-supplied ID straight to this function, so any client presenting an
 * unknown ID creates a row here before being authenticated; nothing in this
 * file enables session.use_strict_mode.
 *
 * The stored value is decrypted with the DB username:password as the key
 * (see sessao_write()).
 *
 * @param string $aKey session ID
 * @return string decrypted session data, '' for a new session
 */
function sessao_read( $aKey )
{
    global $mysql_zugangsdaten;

    // Connection must exist before mysql_real_escape_string() is usable.
    $link = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $link);

    $table   = '`' . $mysql_zugangsdaten['praefix'] . 'sessions`';
    $key_sql = "'" . mysql_real_escape_string($aKey) . "'";

    $result = mysql_query('SELECT `DataValue` FROM ' . $table . ' WHERE `SessionID` = ' . $key_sql);
    if (mysql_num_rows($result) == 0)
    {
        mysql_query('INSERT INTO ' . $table . ' (`SessionID`, `LastUpdated`, `DataValue`) VALUES (' . $key_sql . ", NOW(), '')");
        @mysql_close($link);
        return '';
    }

    $row = mysql_fetch_array($result);
    @mysql_close($link);

    return ib_decrypt($row['DataValue'], $mysql_zugangsdaten['username'] . ':' . $mysql_zugangsdaten['passwort']);
}
||
237 | |||
/**
 * Session save-handler "write" callback: encrypt $aVal and store it for $aKey.
 *
 * The row is expected to exist already (sessao_read() inserts it). The
 * encryption key is the DB username:password; the ciphertext is base64 and
 * is therefore concatenated into the statement without escaping, while the
 * session ID is escaped.
 *
 * @param string $aKey session ID
 * @param string $aVal serialized session data
 * @return bool always true (query errors are not checked)
 */
function sessao_write( $aKey, $aVal )
{
    global $mysql_zugangsdaten;

    $link = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $link);

    $table  = '`' . $mysql_zugangsdaten['praefix'] . 'sessions`';
    $secret = $mysql_zugangsdaten['username'] . ':' . $mysql_zugangsdaten['passwort'];

    $sql = 'UPDATE ' . $table
         . " SET `DataValue` = '" . ib_encrypt($aVal, $secret) . "', `LastUpdated` = NOW()"
         . " WHERE `SessionID` = '" . mysql_real_escape_string($aKey) . "'";
    mysql_query($sql);

    @mysql_close($link);

    return true;
}
||
251 | |||
/**
 * Session save-handler "destroy" callback: delete the row for $aKey.
 *
 * The table is optimised only when a row was actually removed.
 *
 * @param string $aKey session ID
 * @return bool always true (query errors are not checked)
 */
function sessao_destroy( $aKey )
{
    global $mysql_zugangsdaten;

    $link = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $link);

    $table = '`' . $mysql_zugangsdaten['praefix'] . 'sessions`';

    mysql_query('DELETE FROM ' . $table . " WHERE `SessionID` = '" . mysql_real_escape_string($aKey) . "'");
    if (mysql_affected_rows() > 0) {
        mysql_query('OPTIMIZE TABLE ' . $table);
    }

    @mysql_close($link);

    return true;
}
||
267 | |||
/**
 * Session save-handler "gc" callback: remove rows not updated within
 * $aMaxLifeTime seconds (age is computed in SQL from `LastUpdated`).
 *
 * The lifetime is escaped and quoted as a string literal, so a non-numeric
 * value cannot break the statement; MySQL compares it numerically.
 *
 * @param int|string $aMaxLifeTime seconds of inactivity after which a session expires
 * @return bool always true (query errors are not checked)
 */
function sessao_gc( $aMaxLifeTime )
{
    global $mysql_zugangsdaten;

    $link = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $link);

    $table = '`' . $mysql_zugangsdaten['praefix'] . 'sessions`';

    mysql_query('DELETE FROM ' . $table
        . " WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > '" . mysql_real_escape_string($aMaxLifeTime) . "'");
    if (mysql_affected_rows() > 0) {
        mysql_query('OPTIMIZE TABLE ' . $table);
    }

    @mysql_close($link);

    return true;
}
||
283 | |||
// Route all session storage through the MySQL-backed, encrypted sessao_*
// handlers defined above; must happen before session_start().
@session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc");

@session_name($ib_session_name);
// The ID comes from the client's cookie and is accepted as-is (no strict
// mode is configured in this file); sessao_read() creates a row for it.
@session_start();

// A Personal WebBase login is required: without a user type in the session
// the embedded net2ftp window is closed from JavaScript and the script ends.
if ($_SESSION['wb_user_type'] == '')
{

die('<script language="JavaScript">
<!--
alert("Sie sind nicht mehr in Personal WebBase eingeloggt!");
parent.window.close();
// -->
</script>');

}

// Old PHP (< 5.1.2) did not reject CR/LF in the session cookie itself, so
// refuse such a cookie here. The version test runs first, so eregi() is
// never reached on newer interpreters where it no longer exists.
// NOTE(review): $session_name is not assigned anywhere in this file (the
// name registered above is $ib_session_name); unless config.inc.php sets it,
// this check looks at a non-existent cookie and never fires -- confirm.
if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$session_name]) && eregi("\r|\n", $_COOKIE[$session_name]))
{
die('Angriff');
}
||
305 | |||
306 | // http://lists.phpbar.de/pipermail/php/Week-of-Mon-20040322/007749.html |
||
307 | // Entnommen von functions.inc.php |
||
308 | |||
/**
 * Best-effort client address (taken over from functions.inc.php, see
 * http://lists.phpbar.de/pipermail/php/Week-of-Mon-20040322/007749.html).
 *
 * Sources, in order of preference: HTTP_CLIENT_IP, the last entry of
 * HTTP_X_FORWARDED_FOR, REMOTE_ADDR. The first two are request headers that
 * any client can set, so only REMOTE_ADDR (or a header rewritten by a trusted
 * proxy) identifies the peer; the session binding below should be read with
 * that in mind.
 *
 * Quirk kept from the original: when HTTP_CLIENT_IP is present and its first
 * octet differs from REMOTE_ADDR's, the octets of HTTP_CLIENT_IP are returned
 * in reverse order. The intent is not documented upstream.
 *
 * @return string address string, possibly with a leading space when taken
 *                from a comma-separated X-Forwarded-For list; '' if nothing is set
 */
function fetchip()
{
    $client_ip       = isset($_SERVER['HTTP_CLIENT_IP'])       ? $_SERVER['HTTP_CLIENT_IP']       : '';
    $x_forwarded_for = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    $remote_addr     = isset($_SERVER['REMOTE_ADDR'])          ? $_SERVER['REMOTE_ADDR']          : '';

    if (!empty($client_ip))
    {
        $client_octets = explode('.', $client_ip);
        $remote_octets = explode('.', $remote_addr);
        if ($remote_octets[0] != $client_octets[0])
        {
            return implode('.', array_reverse($client_octets));
        }
        return $client_ip;
    }

    if (!empty($x_forwarded_for))
    {
        // Several proxies: the last hop is taken (untrimmed, as upstream did)
        if (strstr($x_forwarded_for, ','))
        {
            $hops = explode(',', $x_forwarded_for);
            return end($hops);
        }
        return $x_forwarded_for;
    }

    return $remote_addr;
}
||
348 | |||
// ----------------------------------------------
// Bind the session to a client fingerprint: address (via fetchip()),
// reverse-DNS name and User-Agent. NOTE(review): fetchip() prefers
// client-supplied headers, so the address part can be chosen by the client;
// the User-Agent is client-supplied as well.
// ----------------------------------------------
$usedns = TRUE;

$useragent = $_SERVER['HTTP_USER_AGENT'];
$host = fetchip();

// Upstream keyed this on $global['dns'], which does not exist here; $usedns
// decides whether the resolved host name or the bare address is recorded.
if ($usedns)
{
    $dns = @gethostbyaddr($host);
}
else
{
    $dns = $host;
}

if (!empty($_SESSION['session_secured']))
{
    // Fingerprint already recorded: on any mismatch rotate the ID and drop
    // the session contents (session_unset() also clears 'session_secured',
    // so the next request records a fresh fingerprint). The bare address is
    // only compared when reverse DNS is off.
    if (
        ($_SESSION['host'] != $host && !$usedns)
        || $_SESSION['dns'] != $dns
        || $_SESSION['useragent'] != $useragent
    ) {
        session_regenerate_id();
        session_unset();
    }
}
else
{
    // First request of this session: record the fingerprint.
    $_SESSION['host'] = $host;
    $_SESSION['dns'] = $dns;
    $_SESSION['useragent'] = $useragent;
    $_SESSION['session_secured'] = 1;
}
||
375 | |||
376 | |||
3 | daniel-mar | 377 | // Ende Personal WebBase-Abschnitt |
2 | daniel-mar | 378 | |
379 | |||
380 | |||
381 | |||
382 | |||
383 | |||
384 | |||
385 | |||
386 | |||
387 | |||
388 | // ------------------------------------------------------------------------- |
||
389 | // 3 SERVER variables |
||
390 | // ------------------------------------------------------------------------- |
||
// Script path used to build links and form actions. SCRIPT_NAME is preferred
// over PHP_SELF (presumably because PHP_SELF may carry request-supplied
// PATH_INFO); "index.php" is the last resort.
if (isset($_SERVER["SCRIPT_NAME"])) {
    $net2ftp_globals["PHP_SELF"] = $_SERVER["SCRIPT_NAME"];
} elseif (isset($_SERVER["PHP_SELF"])) {
    $net2ftp_globals["PHP_SELF"] = $_SERVER["PHP_SELF"];
} else {
    $net2ftp_globals["PHP_SELF"] = "index.php";
}

$net2ftp_globals["HTTP_REFERER"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";

// Copied only when present; no default is registered for these.
foreach (array("HTTP_USER_AGENT", "REMOTE_ADDR", "REMOTE_PORT") as $server_key) {
    if (isset($_SERVER[$server_key])) {
        $net2ftp_globals[$server_key] = $_SERVER[$server_key];
    }
}
unset($server_key);

// Action URL
// Note that later on in this file parameters may be appended to the action_url (for Mambo and Drupal)
$net2ftp_globals["action_url"] = $net2ftp_globals["PHP_SELF"];
||
403 | |||
404 | |||
405 | // ------------------------------------------------------------------------- |
||
406 | // 4 Register main variables |
||
407 | // ------------------------------------------------------------------------- |
||
408 | |||
409 | // ---------------------------------------------- |
||
410 | // FTP server |
||
411 | // ---------------------------------------------- |
||
// ----------------------------------------------
// Request parameters
// ----------------------------------------------
// Each parameter is read from $_POST first, then $_GET, then defaults to "".
// The value goes through its validate<Name>() function and is stored in
// $net2ftp_globals together with HTML-, URL- and JavaScript-encoded copies
// (<name>_html, <name>_url, <name>_js) for the templates.
// The list order matters and mirrors the original registration order:
// "password" needs "ftpserver" and "username", "entry" needs "state".
$n2f_param_order = array(
    "ftpserver", "ftpserverport", "username", "password",
    "language", "skin", "ftpmode", "passivemode", "sslconnect",
    "viewmode", "sort", "sortorder", "state", "state2",
    "directory", "entry", "screen",
);

foreach ($n2f_param_order as $n2f_key) {

    // The password is the exception: no validate*/encode* set, and only the
    // encrypted form is kept, per ftpserver+username, in the session so that
    // later requests need not resend it.
    if ($n2f_key == "password") {
        $n2f_session_key = "net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"];
        if (isset($_POST["password"])) {
            // From the login form
            $net2ftp_globals["password_encrypted"] = encryptPassword(trim($_POST["password"]));
            $_SESSION[$n2f_session_key] = encryptPassword(trim($_POST["password"]));
        }
        elseif (isset($_GET["password_encrypted"])) {
            // From the upload page (SWFUpload Flash applet), already encrypted
            $net2ftp_globals["password_encrypted"] = trim($_GET["password_encrypted"]);
            $_SESSION[$n2f_session_key] = trim($_GET["password_encrypted"]);
        }
        continue;
    }

    // Raw value: POST wins over GET
    if (isset($_POST[$n2f_key])) {
        $n2f_raw = $_POST[$n2f_key];
        $n2f_present = true;
    }
    elseif (isset($_GET[$n2f_key])) {
        $n2f_raw = $_GET[$n2f_key];
        $n2f_present = true;
    }
    else {
        $n2f_raw = "";
        $n2f_present = false;
    }

    // "directory" and "entry" default to "" without calling the validator;
    // every other parameter validates the empty default as well.
    $n2f_validator = "validate" . ucfirst($n2f_key);
    if ($n2f_present || ($n2f_key != "directory" && $n2f_key != "entry")) {
        $net2ftp_globals[$n2f_key] = $n2f_validator($n2f_raw);
    }
    else {
        $net2ftp_globals[$n2f_key] = "";
    }

    // Do not validate $entry when following symlinks, as this removes the -> symbol;
    // validation of $entry is done in /modules/followsymlink/followsymlink.inc.php
    if ($n2f_key == "entry" && $n2f_present && $net2ftp_globals["state"] == "followsymlink") {
        $net2ftp_globals["entry"] = $n2f_raw;
    }

    $net2ftp_globals[$n2f_key . "_html"] = htmlEncode2($net2ftp_globals[$n2f_key]);
    $net2ftp_globals[$n2f_key . "_url"]  = urlEncode2($net2ftp_globals[$n2f_key]);
    $net2ftp_globals[$n2f_key . "_js"]   = javascriptEncode2($net2ftp_globals[$n2f_key]);

    // Derived values registered right after their parameter
    if ($n2f_key == "skin") {
        $skinArray = getSkinArray();
        $net2ftp_globals["image_url"] = $skinArray[$net2ftp_globals["skin"]]["image_url"];
    }
    elseif ($n2f_key == "directory") {
        // printdirectory: "/" stands in for an empty or root directory
        if ($net2ftp_globals["directory"] != "" && $net2ftp_globals["directory"] != "/") {
            $net2ftp_globals["printdirectory"] = $net2ftp_globals["directory"];
        }
        else {
            $net2ftp_globals["printdirectory"] = "/";
        }
    }
}
unset($n2f_param_order, $n2f_key, $n2f_raw, $n2f_present, $n2f_validator, $n2f_session_key);

// ----------------------------------------------
// MAMBO / DRUPAL integration: carry the CMS routing parameters on action_url.
// NOTE(review): these $_GET values are appended unencoded; wherever
// action_url is written into HTML the output must be escaped -- verify at
// the output site.
// ----------------------------------------------
if (defined("_VALID_MOS")) {
    $option = $_GET["option"];
    $Itemid = $_GET["Itemid"];
    $net2ftp_globals["action_url"] .= "?option=$option&Itemid=$Itemid";
}

if (defined("CACHE_PERMANENT")) {
    $q = $_GET["q"];
    $net2ftp_globals["action_url"] .= "?q=$q";
}

// -------------------------------------------------------------------------
// 5.1 Delete the session data when logging out: the stored encrypted
// password for this ftpserver+username is blanked.
// -------------------------------------------------------------------------
if ($net2ftp_globals["state"] == "logout") {
    $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = "";
}
||
627 | |||
628 | // ------------------------------------------------------------------------- |
||
629 | // 5.2 Redirect to login_small |
||
630 | // if session has expired |
||
631 | // if the IP address has changed (disabled as this may cause problems for some people) |
||
632 | // if the password is blank |
||
633 | // ------------------------------------------------------------------------- |
||
634 | |||
3 | daniel-mar | 635 | // Personal WebBase: commented out (the session-expiry and blank-password redirects below are disabled) |
2 | daniel-mar | 636 | |
637 | /* if ($net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
||
638 | $_SESSION["net2ftp_session_id_old"] != $_SESSION["net2ftp_session_id_new"]) { |
||
639 | $net2ftp_globals["go_to_state"] = $net2ftp_globals["state"]; |
||
640 | $net2ftp_globals["go_to_state2"] = $net2ftp_globals["state2"]; |
||
641 | $net2ftp_globals["state"] = "login_small"; |
||
642 | $net2ftp_globals["state2"] = "session_expired"; |
||
643 | } |
||
644 | //elseif ($net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
||
645 | // $_SESSION["net2ftp_remote_addr_old"] != $_SESSION["net2ftp_remote_addr_new"]) { |
||
646 | // $net2ftp_globals["go_to_state"] = $net2ftp_globals["state"]; |
||
647 | // $net2ftp_globals["go_to_state2"] = $net2ftp_globals["state2"]; |
||
648 | // $net2ftp_globals["state"] = "login_small"; |
||
649 | // $net2ftp_globals["state2"] = "session_ipchanged"; |
||
650 | //} |
||
651 | elseif (substr($net2ftp_globals["state"], 0, 5) != "admin" && $net2ftp_globals["state"] != "clearcookies" && |
||
652 | $net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
||
653 | $net2ftp_globals["state"] != "logout" && $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] == "") { |
||
654 | $net2ftp_globals["state"] = "login"; |
||
655 | $net2ftp_globals["state2"] = ""; |
||
656 | } */ |
||
657 | |||
// -------------------------------------------------------------------------
// 6 COOKIE variables
// -------------------------------------------------------------------------
// Every net2ftpcookie_* value is client-supplied input: each one is passed
// through its matching validate*() function before being stored, and a
// cookie that is not present yields "".
if (isset($_COOKIE["net2ftpcookie_ftpserver"])) {
    $net2ftp_globals["cookie_ftpserver"] = validateFtpserver($_COOKIE["net2ftpcookie_ftpserver"]);
} else {
    $net2ftp_globals["cookie_ftpserver"] = "";
}

if (isset($_COOKIE["net2ftpcookie_ftpserverport"])) {
    $net2ftp_globals["cookie_ftpserverport"] = validateFtpserverport($_COOKIE["net2ftpcookie_ftpserverport"]);
} else {
    $net2ftp_globals["cookie_ftpserverport"] = "";
}

if (isset($_COOKIE["net2ftpcookie_username"])) {
    $net2ftp_globals["cookie_username"] = validateUsername($_COOKIE["net2ftpcookie_username"]);
} else {
    $net2ftp_globals["cookie_username"] = "";
}

if (isset($_COOKIE["net2ftpcookie_language"])) {
    $net2ftp_globals["cookie_language"] = validateLanguage($_COOKIE["net2ftpcookie_language"]);
} else {
    $net2ftp_globals["cookie_language"] = "";
}

if (isset($_COOKIE["net2ftpcookie_skin"])) {
    $net2ftp_globals["cookie_skin"] = validateSkin($_COOKIE["net2ftpcookie_skin"]);
} else {
    $net2ftp_globals["cookie_skin"] = "";
}

if (isset($_COOKIE["net2ftpcookie_ftpmode"])) {
    $net2ftp_globals["cookie_ftpmode"] = validateFtpmode($_COOKIE["net2ftpcookie_ftpmode"]);
} else {
    $net2ftp_globals["cookie_ftpmode"] = "";
}

if (isset($_COOKIE["net2ftpcookie_passivemode"])) {
    $net2ftp_globals["cookie_passivemode"] = validatePassivemode($_COOKIE["net2ftpcookie_passivemode"]);
} else {
    $net2ftp_globals["cookie_passivemode"] = "";
}

if (isset($_COOKIE["net2ftpcookie_sslconnect"])) {
    $net2ftp_globals["cookie_sslconnect"] = validateSslconnect($_COOKIE["net2ftpcookie_sslconnect"]);
} else {
    $net2ftp_globals["cookie_sslconnect"] = "";
}

if (isset($_COOKIE["net2ftpcookie_viewmode"])) {
    $net2ftp_globals["cookie_viewmode"] = validateViewmode($_COOKIE["net2ftpcookie_viewmode"]);
} else {
    $net2ftp_globals["cookie_viewmode"] = "";
}

if (isset($_COOKIE["net2ftpcookie_directory"])) {
    $net2ftp_globals["cookie_directory"] = validateDirectory($_COOKIE["net2ftpcookie_directory"]);
} else {
    $net2ftp_globals["cookie_directory"] = "";
}

if (isset($_COOKIE["net2ftpcookie_sort"])) {
    $net2ftp_globals["cookie_sort"] = validateSort($_COOKIE["net2ftpcookie_sort"]);
} else {
    $net2ftp_globals["cookie_sort"] = "";
}

if (isset($_COOKIE["net2ftpcookie_sortorder"])) {
    $net2ftp_globals["cookie_sortorder"] = validateSortorder($_COOKIE["net2ftpcookie_sortorder"]);
} else {
    $net2ftp_globals["cookie_sortorder"] = "";
}
||
685 | |||
686 | |||
// -------------------------------------------------------------------------
// 7 Get information about the browser and protocol
// -------------------------------------------------------------------------
// Store the three browser properties reported by getBrowser() (defined
// elsewhere) in the globals array, one call per property.
$net2ftp_globals["browser_agent"]    = getBrowser("agent");
$net2ftp_globals["browser_version"]  = getBrowser("version");
$net2ftp_globals["browser_platform"] = getBrowser("platform");
||
693 | |||
694 | |||
695 | |||
696 | |||
697 | |||
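// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function remove_magic_quotes(&$x, $keyname="") {

    // --------------
    // Undo the escaping that PHP's magic_quotes_gpc applied to GET/POST/COOKIE data
    // (with it enabled PHP turned ' into \', " into \" and \ into \\).
    // Scalars are unescaped in place; arrays are walked recursively.
    // $x is modified by reference AND returned. $keyname is unused but kept so
    // existing call sites keep working.
    // get_magic_quotes_gpc() was removed in PHP 8.0, so the function_exists()
    // guard makes this a no-op there instead of a fatal "undefined function".
    // --------------
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc() == 1) {

        if (is_array($x)) {
            // foreach replaces the each() loop, which no longer exists in PHP 8
            foreach ($x as $key => $value) {
                if ($value) { remove_magic_quotes($x[$key], $key); }
            }
        }
        else {
            $quote = "'";
            $doublequote = "\"";
            $backslash = "\\";

            // Same three replacements, in the same order, as the original
            // (not stripslashes(): that would also drop backslashes that
            // were not added by magic quotes).
            $x = str_replace("$backslash$quote", $quote, $x);
            $x = str_replace("$backslash$doublequote", $doublequote, $x);
            $x = str_replace("$backslash$backslash", $backslash, $x);
        }

    } // end if get_magic_quotes_gpc

    return $x;

} // end function remove_magic_quotes

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************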
||
735 | |||
736 | |||
737 | |||
738 | |||
739 | |||
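// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateFtpserver($ftpserver) {

    // --------------
    // Input:  " ftp://something.domainname.com:123/directory/file "
    // Output: "something.domainname.com"
    // Reduces whatever the user typed to a bare host name: surrounding whitespace,
    // an "ftp://" prefix, a ":port" suffix and any "/path" part are dropped, then
    // every character outside [A-Za-z0-9._-] is removed.
    // Non-string input (e.g. an array submitted as "name[]=") yields "".
    // --------------

    if (!is_string($ftpserver)) { return ""; }

    // Remove invisible characters in the beginning and at the end
    $ftpserver = trim($ftpserver);

    // Remove possible "ftp://" (any letter case)
    if (strtolower(substr($ftpserver, 0, 6)) == "ftp://") {
        $ftpserver = substr($ftpserver, 6);
    }

    // Remove a possible port nr ":123" together with everything after it.
    // The lazy (.*?) keeps the part before the FIRST ":digits"; the old greedy
    // (.*) kept everything up to the LAST one.
    if (preg_match('/^(.*?):[0-9]+/', $ftpserver, $regs) == 1) {
        $ftpserver = $regs[1];
    }

    // Remove leading / or \, then a possible directory and file "/directory/file":
    // keep only the part before the first / or \.
    // The old greedy pattern kept "host/directory" for "host/directory/file",
    // which the character filter below then turned into "hostdirectory".
    $ftpserver = ltrim($ftpserver, "/\\");
    $parts = preg_split('#[/\\\\]#', $ftpserver, 2);
    $ftpserver = $parts[0];

    // FTP server may only contain specific characters
    $ftpserver = preg_replace("/[^A-Za-z0-9._-]/", "", $ftpserver);

    return $ftpserver;

} // end validateFtpserver

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************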
||
786 | |||
787 | |||
788 | |||
789 | |||
790 | |||
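// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateFtpserverport($ftpserverport) {

    // --------------
    // Validates the FTP server port.
    // Returns the port as a decimal string when the input is a whole number in
    // 1..65535, otherwise the FTP default port 21 (an int, as before).
    // Non-scalar input (an array submitted as "name[]=") also yields 21.
    // is_numeric() was replaced: it accepted "1e3" and "21.5", and the old
    // bounds (< 0, > 65536) let 0 and 65536 through.
    // --------------

    if (!is_scalar($ftpserverport)) { return 21; }

    // Remove invisible characters in the beginning and at the end
    $ftpserverport = trim((string) $ftpserverport);

    // FTP server port must be an integer > 0 and < 65536, else set it to 21
    $port = filter_var($ftpserverport, FILTER_VALIDATE_INT, array("options" => array("min_range" => 1, "max_range" => 65535)));
    if ($port === false) {
        return 21;
    }

    return (string) $port;

} // end validateFtpserverport

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************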
||
818 | |||
819 | |||
820 | |||
821 | |||
822 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateUsername($username) {

    // --------------
    // Validates the username: only leading and trailing whitespace is removed.
    // The character allow-list below is left commented out (as in the original),
    // so every other character passes through unchanged.
    // --------------

    // $username = preg_replace("/[^A-Za-z0-9@+._\\/-]/", "", $username);

    return trim($username);

} // end validateUsername

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
848 | |||
849 | |||
850 | |||
851 | |||
852 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validatePasswordEncrypted($password_encrypted) {

    // --------------
    // Validates the encrypted password: surrounding whitespace is dropped and
    // every character that is not a hexadecimal digit is removed.
    // --------------

    $hex_only = trim($password_encrypted);
    return preg_replace("/[^A-Fa-f0-9]/", "", $hex_only);

} // end validatePasswordEncrypted

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
878 | |||
879 | |||
880 | |||
881 | |||
882 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validatePassword($password) {

    // --------------
    // Validates the plain password. The only transformation is trim(), so a
    // password that intentionally starts or ends with whitespace is altered here.
    // --------------

    return trim($password);

} // end validatePassword

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
905 | |||
906 | |||
907 | |||
908 | |||
909 | |||
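// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateLanguage($language) {

    // --------------
    // Validates the language code against the keys of getLanguageArray().
    // Preference order: the submitted value, then the language cookie, then the
    // configured default_language, and finally "en".
    // The is_string() guards keep a non-string value (an array submitted as
    // "language[]=") away from isset($array[$key]), which is a TypeError on PHP 8.
    // --------------

    global $net2ftp_settings;
    $languageArray = getLanguageArray();
    if (is_string($language) && isset($languageArray[$language])) {
        return $language;
    }
    elseif (isset($_COOKIE["net2ftpcookie_language"]) && is_string($_COOKIE["net2ftpcookie_language"]) && isset($languageArray[$_COOKIE["net2ftpcookie_language"]])) {
        return $_COOKIE["net2ftpcookie_language"];
    }
    elseif (isset($net2ftp_settings["default_language"]) && isset($languageArray[$net2ftp_settings["default_language"]])) {
        return $net2ftp_settings["default_language"];
    }
    else {
        return "en";
    }

} // end validateLanguage

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************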
||
942 | |||
943 | |||
944 | |||
945 | |||
946 | |||
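// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateSkin($skin) {

    // --------------
    // Validates the skin name against the keys of getSkinArray().
    // Preference order: the submitted value, the skin cookie, then a CMS-specific
    // skin when a Mambo / Drupal / XOOPS constant is defined, "mobile" when
    // getBrowser() reports a mobile platform, the configured default_skin, and
    // finally "india".
    // The is_string() guards keep a non-string value (an array submitted as
    // "skin[]=") away from isset($array[$key]), which is a TypeError on PHP 8.
    // --------------

    global $net2ftp_settings;
    $skinArray = getSkinArray();
    if (is_string($skin) && isset($skinArray[$skin])) {
        return $skin;
    }
    elseif (isset($_COOKIE["net2ftpcookie_skin"]) && is_string($_COOKIE["net2ftpcookie_skin"]) && isset($skinArray[$_COOKIE["net2ftpcookie_skin"]])) {
        return $_COOKIE["net2ftpcookie_skin"];
    }
    else {
        if (defined("_VALID_MOS")) { return "mambo"; }
        elseif (defined("CACHE_PERMANENT")) { return "drupal"; }
        elseif (defined("XOOPS_ROOT_PATH")) { return "xoops"; }
        elseif (getBrowser("platform") == "Mobile") { return "mobile"; }
        elseif (isset($net2ftp_settings["default_skin"]) && isset($skinArray[$net2ftp_settings["default_skin"]])) { return $net2ftp_settings["default_skin"]; }
        else { return "india"; }
    }

} // end validateSkin

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************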
||
981 | |||
982 | |||
983 | |||
984 | |||
985 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateFtpmode($ftpmode) {

    // --------------
    // Validates the FTP transfer mode.
    // Accepted values are "ascii", "binary" and "automatic"; the submitted value
    // is tried first, then the ftpmode cookie, then a version-dependent default.
    // --------------

    $allowed_modes = array("ascii", "binary", "automatic");

    if (in_array($ftpmode, $allowed_modes)) {
        return $ftpmode;
    }

    if (isset($_COOKIE["net2ftpcookie_ftpmode"]) && in_array($_COOKIE["net2ftpcookie_ftpmode"], $allowed_modes)) {
        return $_COOKIE["net2ftpcookie_ftpmode"];
    }

    // Before PHP version 4.3.11, bug 27633 can cause problems in ASCII mode ==> use BINARY mode
    // As from PHP version 4.3.11, bug 27633 is fixed ==> use Automatic mode
    $php_is_old = version_compare(phpversion(), "4.3.11", "<");
    return $php_is_old ? "binary" : "automatic";

} // end validateFtpmode

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
1016 | |||
1017 | |||
1018 | |||
1019 | |||
1020 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validatePassivemode($passivemode) {

    // --------------
    // Validates the passive mode flag: anything that does not compare equal
    // to "yes" becomes "no".
    // --------------

    return ($passivemode == "yes") ? $passivemode : "no";

} // end validatePassivemode

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
1043 | |||
1044 | |||
1045 | |||
1046 | |||
1047 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateSslconnect($sslmode) {

    // --------------
    // Validates the SSL connect flag: anything that does not compare equal
    // to "yes" becomes "no".
    // --------------

    return ($sslmode == "yes") ? $sslmode : "no";

} // end validateSslconnect

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
1070 | |||
1071 | |||
1072 | |||
1073 | |||
1074 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateViewmode($viewmode) {

    // --------------
    // Validates the view mode: "icons" is kept, anything else becomes "list".
    // --------------

    return ($viewmode == "icons") ? $viewmode : "list";

} // end validateViewmode

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
1097 | |||
1098 | |||
1099 | |||
1100 | |||
1101 | |||
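// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateSort($sort) {

    // --------------
    // Validates the sorting criteria against a fixed allow-list ("" is allowed
    // and passed through unchanged). Anything else, including non-string values
    // such as null or an array, becomes "dirfilename".
    // The comparison is strict: the old != chain compared loosely, which on
    // PHP < 8 let e.g. the integer 0 match "dirfilename" and pass through as 0.
    // --------------

    $allowed_sorts = array("", "dirfilename", "type", "size", "owner", "group", "permissions", "mtime");

    if (!in_array($sort, $allowed_sorts, true)) {
        $sort = "dirfilename";
    }
    return $sort;

} // end validateSort

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************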
||
1131 | |||
1132 | |||
1133 | |||
1134 | |||
1135 | |||
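// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateSortorder($sortorder) {

    // --------------
    // Validates the sort order: "" and "descending" are passed through, anything
    // else (including non-string values) becomes "ascending".
    // The comparison is strict, unlike the old loose != chain.
    // --------------

    if (!in_array($sortorder, array("", "descending"), true)) {
        $sortorder = "ascending";
    }
    return $sortorder;

} // end validateSortorder

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************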
||
1159 | |||
1160 | |||
1161 | |||
1162 | |||
1163 | |||
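// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateState($state) {

    // --------------
    // Validates the state variable against the fixed list of known states.
    // Anything not on the list, including non-string values, becomes "login".
    // The in_array() check is strict: the old loose check let, on PHP < 8, the
    // integer 0 compare equal to any state name and pass through unchanged.
    // --------------

    $statelist = array(
        "admin",
        "admin_createtables",
        "admin_emptylogs",
        "admin_viewlogs",
        "advanced",
        "advanced_ftpserver",
        "advanced_parsing",
        "advanced_webserver",
        "bookmark",
        "browse",
        "calculatesize",
        "chmod",
        "clearcookies",
        "copymovedelete",
        "downloadfile",
        "downloadzip",
        "edit",
        "findstring",
        "followsymlink",
        "install",
        "jupload",
        "login",
        "login_small",
        "logout",
        "newdir",
        "newfile",
        "raw",
        "rename",
        "unzip",
        "upload",
        "view",
        "zip",
    );

    if (!is_string($state) || !in_array($state, $statelist, true)) {
        $state = "login";
    }

    return $state;

} // end validateState

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************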
||
1220 | |||
1221 | |||
1222 | |||
1223 | |||
1224 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateState2($state2) {

    // --------------
    // Validates the state2 variable: every character outside [A-Za-z0-9_-] is
    // removed. A value comparing equal to "" is returned untouched.
    // --------------

    if ($state2 == "") {
        return $state2;
    }

    // State2 may only contain specific characters
    return preg_replace("/[^A-Za-z0-9_-]/", "", $state2);

} // end validateState2

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
1250 | |||
1251 | |||
1252 | |||
1253 | |||
1254 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateEntry($entry) {

    // --------------
    // Validates an entry (file or directory name) by deleting the characters
    // \ / : * ? < > |   (the double quote is NOT removed by this pattern)
    // --------------

    $forbidden_chars = "/[\\\\\\/\\:\\*\\?\\<\\>\\|]/";
    return preg_replace($forbidden_chars, "", $entry);

} // end validateEntry

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
1278 | |||
1279 | |||
1280 | |||
1281 | |||
1282 | |||
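// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateScreen($screen) {

    // --------------
    // Validates the screen variable: 1, 2 or 3 (int or the exact string) is
    // returned as given, anything else becomes 1.
    // The check is strict: the old loose != 1 test accepted, on PHP < 8, any
    // string with a numeric prefix such as "1abc" and returned it unchanged.
    // --------------

    if (!in_array($screen, array(1, 2, 3, "1", "2", "3"), true)) {
        $screen = 1;
    }
    return $screen;

} // end validateScreen

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************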
||
1305 | |||
1306 | |||
1307 | |||
1308 | |||
1309 | |||
// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateDirectory($directory) {

    // --------------
    // Input: "/dir1/dir2/dir3/../../dir4/dir5"
    // Output: "/dir1/dir4/dir5"
    // Collapses ".." components and then removes the characters : * ? < > |
    // (the double quote is NOT removed; that variant is commented out below).
    // stripDirectory() is defined elsewhere in the project; the result is always
    // prefixed with "/", which suggests it strips leading/trailing slashes -- confirm.
    // --------------

    // -------------------------------------------------------------------------
    // Nothing to do if the directory is the root directory
    // -------------------------------------------------------------------------
    if ($directory == "") { return ""; }
    elseif ($directory == "/") { return "/"; }

    // -------------------------------------------------------------------------
    // Check if the directory contains ".."
    // -------------------------------------------------------------------------
    if (strpos($directory, "..") === false) {
        $directory = "/" . stripDirectory($directory);
    }
    else {
        $directory = stripDirectory($directory);

        // Split down into parts
        // directoryparts[0] contains the first part, directoryparts[1] the second,...
        $directoryparts = explode("/", $directory);

        // Start from the end
        // If you encounter N times a "..", do not take into account the next N parts which are not ".."
        // Example: "/dir1/dir2/dir3/../../dir4/dir5" ----> "/dir1/dir4/dir5"
        // A ".." part is only ever counted, never appended, so the rebuilt path
        // contains no ".." component. Parts that merely contain dots ("...") are kept.
        $doubledotcounter = 0;
        $newdirectory = "";
        $sizeof_directoryparts = sizeof($directoryparts);
        for ($i=$sizeof_directoryparts-1; $i>=0; $i=$i-1) {
            if ($directoryparts[$i] == "..") { $doubledotcounter = $doubledotcounter + 1; }
            else {
                if ($doubledotcounter == 0) { $newdirectory = $directoryparts[$i] . "/" . $newdirectory; } // Add the new part in front
                elseif ($doubledotcounter > 0) { $doubledotcounter = $doubledotcounter - 1; } // Don't add the part, and reduce the counter by 1
            }
        } // end for

        // Surplus ".." (more than there were parts before them) are silently dropped
        $directory = "/" . stripDirectory($newdirectory);

    } // end if else

    // Remove : * ? " < > |
    // $directory = preg_replace("/[\\:\\*\\?\\\"\\<\\>\\|]/", "", $directory);

    // Remove : * ? < > |
    $directory = preg_replace("/[\\:\\*\\?\\<\\>\\|]/", "", $directory);

    return $directory;

} // end validateDirectory

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************
||
1374 | |||
1375 | |||
1376 | |||
1377 | |||
1378 | |||
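// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateFileGetContents($file) {

    // --------------
    // Validates a filename; it may not contain ../ or ..\ or %00 (or a raw NUL byte).
    // This is used to secure tiny_mce_gzip.php
    // The tokens are stripped until nothing changes any more: a single pass left
    // "..././" as "../" after removing the inner "../".
    // This is a token filter, not path canonicalisation -- the caller should still
    // confine the final path to its intended base directory.
    // Non-string input yields "".
    // --------------

    if (!is_string($file)) { return ""; }

    $forbidden_tokens = array("../", "..\\", "%00", "\0");
    do {
        $before = $file;
        $file = str_replace($forbidden_tokens, "", $file);
    } while ($file !== $before);

    return $file;

} // end validateFileGetContents

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************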
||
1402 | |||
1403 | |||
1404 | |||
1405 | |||
1406 | |||
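// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateGenericInput($input) {

    // --------------
    // Remove the characters < and > from the input.
    // The old pattern "/\\<\\>]/" had no opening bracket, so it only matched the
    // literal three-character sequence "<>]" and left lone < and > in place.
    // --------------

    $input = preg_replace("/[<>]/", "", $input);
    return $input;

} // end validateGenericInput

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************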
||
1427 | |||
1428 | |||
1429 | |||
1430 | |||
1431 | |||
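// **************************************************************************************
// **************************************************************************************
// **                                                                                  **
// **                                                                                  **

function validateTextareaType($textareaType) {

    // --------------
    // Validates the textarea editor type against a fixed allow-list
    // ("plain", "fckeditor", "tinymce", "codepress"); anything else, including
    // non-string values, becomes "plain". The comparison is strict.
    // (The old header comment, "Remove the following characters <>", did not
    // describe this function.)
    // --------------

    $allowed_types = array("plain", "fckeditor", "tinymce", "codepress");

    if (!in_array($textareaType, $allowed_types, true)) {
        $textareaType = "plain";
    }
    return $textareaType;

} // end validateTextareaType

// **                                                                                  **
// **                                                                                  **
// **************************************************************************************
// **************************************************************************************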
||
1457 | |||
3 | daniel-mar | 1458 | ?> |