2009-05-21 17:50:55 +03:00
|
|
|
<?php
|
|
|
|
/*-------------------------------------------------------
|
|
|
|
*
|
|
|
|
* LiveStreet Engine Social Networking
|
|
|
|
* Copyright © 2008 Mzhelskiy Maxim
|
|
|
|
*
|
|
|
|
*--------------------------------------------------------
|
|
|
|
*
|
|
|
|
* Official site: www.livestreet.ru
|
|
|
|
* Contact e-mail: rus.engine@gmail.com
|
|
|
|
*
|
|
|
|
* GNU General Public License, version 2:
|
|
|
|
* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
|
|
|
|
*
|
|
|
|
---------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Модуль безопасности
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
class LsSecurity extends Module {
|
|
|
|
/**
|
|
|
|
* Инициализируем модуль
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public function Init() {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function ValidateSendForm() {
|
2009-10-17 03:27:22 +03:00
|
|
|
if (!($this->ValidateSessionKey() && 1)) {
|
2009-05-21 17:50:55 +03:00
|
|
|
die("Hacking attemp!");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function ValidateReferal() {
|
|
|
|
if (isset($_SERVER['HTTP_REFERER'])) {
|
2009-05-21 19:07:56 +03:00
|
|
|
$aUrl=parse_url($_SERVER['HTTP_REFERER']);
|
2009-10-03 18:25:49 +03:00
|
|
|
if (strcasecmp($aUrl['host'],$_SERVER['HTTP_HOST'])==0) {
|
2009-05-21 17:50:55 +03:00
|
|
|
return true;
|
2009-05-21 19:07:56 +03:00
|
|
|
} elseif (preg_match("/\.".quotemeta($_SERVER['HTTP_HOST'])."$/i",$aUrl['host'])) {
|
|
|
|
return true;
|
2009-10-03 02:01:46 +03:00
|
|
|
}
|
2009-05-21 17:50:55 +03:00
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2009-10-17 03:27:22 +03:00
|
|
|
/**
|
|
|
|
* Проверяет наличие security-ключа в сессии
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function ValidateSessionKey($sCode=null) {
|
|
|
|
if(!$sCode) $sCode=getRequest('security_ls_key');
|
|
|
|
return ($sCode==$this->Session_Get(Config::Get('module.security.key')));
|
|
|
|
}
|
|
|
|
/**
|
|
|
|
* Устанавливает security-ключ в сессию
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public function SetSessionKey() {
|
2009-10-20 02:42:23 +03:00
|
|
|
$sCode = md5($this->Session_GetId().Config::Get('module.security.hash'));
|
|
|
|
if($this->User_IsAuthorization()) $this->Session_Set(Config::Get('module.security.key'), $sCode);
|
2009-10-17 03:27:22 +03:00
|
|
|
$this->Viewer_Assign('LIVESTREET_SECURITY_KEY',$sCode);
|
|
|
|
|
|
|
|
return $sCode;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function Shutdown() {
|
|
|
|
$this->SetSessionKey();
|
|
|
|
}
|
2009-05-21 17:50:55 +03:00
|
|
|
}
|
|
|
|
?>
|