Untitled

<?php
@session_start();
/*
|---------------------------------------------------------------
| PHP ERROR REPORTING LEVEL
|---------------------------------------------------------------
|
| By default CI runs with error reporting set to ALL.  For security
| reasons you are encouraged to change this when your site goes live.
| For more info visit:  http://www.php.net/error_reporting
|
*/

    error_reporting(E_ALL);

/*
|---------------------------------------------------------------
| SYSTEM FOLDER NAME
|---------------------------------------------------------------
|
| This variable must contain the name of your "system" folder.
| Include the path if the folder is not in the same  directory
| as this file.
|
| NO TRAILING SLASH!
|
*/
    $system_folder = "system";

/*
|---------------------------------------------------------------
| APPLICATION FOLDER NAME
|---------------------------------------------------------------
|
| If you want this front controller to use a different "application"
| folder then the default one you can set its name here. The folder
| can also be renamed or relocated anywhere on your server.
| For more info please see the user guide:
| http://codeigniter.com/user_guide/general/managing_apps.html
|
|
| NO TRAILING SLASH!
|
*/
    $application_folder = "rf_office";
    define('APPFOLDER', $application_folder);
    define('LD' ,   '{');
    define('RD' ,   '}');
/*
|===============================================================
| END OF USER CONFIGURABLE SETTINGS
|===============================================================
*/
// ------------------------------------------------------------------------
    function db_mssql_check_xss2 () {
        $url = html_entity_decode(urldecode($_SERVER['QUERY_STRING']));
        if ($url) {
            if ((strpos($url, '<') !== false) ||
                (strpos($url, '>') !== false) ||
                (strpos($url, '"') !== false) ||
                (strpos($url, '\'') !== false) ||
                (strpos($url, './') !== false) ||
                (strpos($url, '../') !== false) ||
                (strpos($url, '--') !== false) ||
                (strpos($url, '|') !== false) ||
                (strpos($url, '.php') !== false)
               )
            {
                exit("Hacking attept! Found text: ".$_SERVER['QUERY_STRING']);
                die("Hacking attept!");
            }
        }
        $url = html_entity_decode(urldecode($_SERVER['REQUEST_URI']));
        if ($url) {
            if ((strpos($url, '<') !== false) ||
                (strpos($url, '>') !== false) ||
                (strpos($url, '"') !== false) ||
                (strpos($url, '\'') !== false)
               )
            {
                exit("Hacking attept! Found text: ".$_SERVER['REQUEST_URI']);
                die("Hacking attept!");
            }
        }

    }
    /*
        Обработка глобального POST массива
        защищает от XSS и SQL Injection
    */
     function check_sql_inject2()
      {
        $badchars = array("--","truncate","tbl_","exec",";","'","*","|","drop","select","update","delete","where");
        foreach($_POST as $value)
        {
            foreach($badchars as $bad)
            {
                if(strstr(strtolower($value),$bad)<>FALSE)
                {
                    exit("Hacking attept! Found text: $bad");
                    die("Hacking attept! Found text: $bad");
                }
            }
        }
      }
check_sql_inject2();
db_mssql_check_xss2();
/*
|---------------------------------------------------------------
| SET THE SERVER PATH
|---------------------------------------------------------------
|
| Let's attempt to determine the full-server path to the "system"
| folder in order to reduce the possibility of path problems.
| Note: We only attempt this if the user hasn't specified a
| full server path.
|
*/
if (strpos($system_folder, '/') === FALSE)
{
    if (function_exists('realpath') AND @realpath(dirname(__FILE__)) !== FALSE)
    {
        $system_folder = realpath(dirname(__FILE__)).'/'.$system_folder;
    }
}
else
{
    // Swap directory separators to Unix style for consistency
    $system_folder = str_replace("\\", "/", $system_folder);
}

/*
|---------------------------------------------------------------
| DEFINE APPLICATION CONSTANTS
|---------------------------------------------------------------
|
| EXT       - The file extension.  Typically ".php"
| FCPATH    - The full server path to THIS file
| SELF      - The name of THIS file (typically "index.php")
| BASEPATH  - The full server path to the "system" folder
| APPPATH   - The full server path to the "application" folder
|
*/
define('EXT', '.'.pathinfo(__FILE__, PATHINFO_EXTENSION));
define('FCPATH', __FILE__);
define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
define('BASEPATH', $system_folder.'/');

$kohana_pathinfo = pathinfo(__FILE__);
// Define the front controller name and docroot
define('DOCROOT', $kohana_pathinfo['dirname'].DIRECTORY_SEPARATOR);

if (is_dir($application_folder))
{
    define('APPPATH', $application_folder.'/');
}
else
{
    if ($application_folder == '')
    {
        $application_folder = 'application';
    }

    define('APPPATH', BASEPATH.$application_folder.'/');
}
/*
|---------------------------------------------------------------
| CHECK DDOS
|---------------------------------------------------------------
|
| cheking ddos attack
|
*/
include(APPPATH.'libraries/antiflood.php');
/*
|---------------------------------------------------------------
| LOAD THE FRONT CONTROLLER
|---------------------------------------------------------------
|
| And away we go...
|
*/
if (file_exists(APPPATH.'.installed')) {
    if(file_exists(APPPATH .'controllers/install.php')) exit('Please delete file '.APPPATH .'controllers/install.php');
}

require_once BASEPATH.'codeigniter/CodeIgniter'.EXT;


/* End of file index.php */
/* Location: ./index.php */