<?php
/*
|---------------------------------------------------------------
| SESSION
|---------------------------------------------------------------
|
| The session is opened before anything else runs. The '@' suppresses
| the warning session_start() emits when headers were already sent or
| the save path is unusable, so such failures are silent here.
| NOTE(review): nothing in this file sets session.cookie_httponly,
| session.cookie_secure or session.use_strict_mode; they are assumed
| to come from php.ini -- confirm in the deployment.
|
*/
@session_start();
/*
|---------------------------------------------------------------
| PHP ERROR REPORTING LEVEL
|---------------------------------------------------------------
|
| CodeIgniter runs with error reporting set to E_ALL by default. Lower
| it (and keep display_errors off) once the site is live so that
| notices carrying file paths are not shown to visitors.
| For more info visit: http://www.php.net/error_reporting
|
*/
error_reporting(E_ALL);
/*
|---------------------------------------------------------------
| SYSTEM FOLDER NAME
|---------------------------------------------------------------
|
| Name of the "system" folder. Give a path if it does not sit next
| to this file. No trailing slash.
|
*/
$system_folder = 'system';
/*
|---------------------------------------------------------------
| APPLICATION FOLDER NAME
|---------------------------------------------------------------
|
| Name of the "application" folder to use instead of the default one.
| It may be renamed or relocated anywhere on the server; see
| http://codeigniter.com/user_guide/general/managing_apps.html
| No trailing slash.
|
*/
$application_folder = 'rf_office';
// The application folder name is also exposed as a constant, and '{' / '}'
// are published as LD / RD (presumably template delimiters -- verify
// against the views that read them).
define('APPFOLDER', $application_folder);
define('LD', '{');
define('RD', '}');
/*
|===============================================================
| END OF USER CONFIGURABLE SETTINGS
|===============================================================
*/
// ------------------------------------------------------------------------
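/**
 * Pre-boot request-line filter.
 *
 * Decodes the query string (URL, then HTML entities) and aborts the request
 * when it contains any of a fixed set of substrings associated with HTML
 * injection, path traversal, SQL comments or PHP file references. The
 * request URI gets a narrower check for HTML/quote characters only.
 *
 * This is a deny-list and therefore a weak control: encodings it does not
 * decode pass through, and legitimate values containing a quote, "--" or
 * "./" are rejected. Parameterised queries and per-context output escaping
 * in the application remain the actual protection.
 *
 * Changes from the original: the abort message no longer echoes the raw
 * query string / request URI into the response (that echo was itself a
 * reflected injection point, since it fires exactly when the input holds
 * '<' or '"'); the two $_SERVER keys may be absent (CLI, some SAPIs) and
 * are treated as empty instead of raising a notice; the unreachable die()
 * after exit() is dropped; a 400 status is sent so the rejection is not
 * logged as a successful response.
 *
 * @return void  Exits the process on a match.
 */
function db_mssql_check_xss2()
{
    // Substrings that abort the request when found in the decoded query string.
    $query_markers = ['<', '>', '"', "'", './', '../', '--', '|', '.php'];
    // The request URI check is narrower: HTML/quote characters only.
    $uri_markers = ['<', '>', '"', "'"];

    $contains_any = function ($subject, array $markers) {
        foreach ($markers as $marker) {
            if (strpos($subject, $marker) !== false) {
                return true;
            }
        }
        return false;
    };

    // Double decoding (percent-encoding, then entities) so that encoded
    // forms of the markers are caught as well.
    $query = html_entity_decode(urldecode(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''));
    $uri = html_entity_decode(urldecode(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''));

    if ($contains_any($query, $query_markers) || $contains_any($uri, $uri_markers)) {
        // A 4xx keeps proxies and access logs from recording a 200 for a
        // blocked request. The message deliberately carries no input.
        if (!headers_sent()) {
            header('HTTP/1.1 400 Bad Request');
        }
        exit('Hacking attept!');
    }
}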
/*
Processing of the global POST array;
protects against XSS and SQL Injection
*/
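/**
 * Pre-boot POST body filter.
 *
 * Walks every scalar value in $_POST (nested arrays included) and aborts
 * the request when the lower-cased value contains any entry of a fixed
 * keyword list. The list is kept verbatim: it matches substrings, so
 * ordinary words such as "updated", "somewhere" or "dropdown", and any
 * value containing an apostrophe or asterisk, also abort the request.
 * This is a deny-list, not a substitute for prepared statements and
 * output escaping in the application.
 *
 * Changes from the original: nested POST arrays (e.g. name="a[b]") are
 * descended instead of being passed to strtolower(), which raises a
 * TypeError on PHP 8; the loose `<> FALSE` test on strstr() is replaced
 * by a strict strpos() check; the unreachable die() after exit() is dropped.
 *
 * @return void  Exits the process on a match.
 */
function check_sql_inject2()
{
    $badchars = ['--', 'truncate', 'tbl_', 'exec', ';', "'", '*', '|', 'drop', 'select', 'update', 'delete', 'where'];

    // Iterative depth-first walk over the (possibly nested) POST array.
    $pending = [$_POST];
    while ($pending) {
        foreach (array_pop($pending) as $value) {
            if (is_array($value)) {
                $pending[] = $value;
                continue;
            }
            $haystack = strtolower((string) $value);
            foreach ($badchars as $bad) {
                if (strpos($haystack, $bad) !== false) {
                    // Only the matched keyword is echoed, never the input itself.
                    exit("Hacking attept! Found text: $bad");
                }
            }
        }
    }
}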
// Run the request guards before any framework code touches the input.
// Each of them exits the process on a match, so nothing below runs for
// a rejected request.
check_sql_inject2();
db_mssql_check_xss2();
/*
|---------------------------------------------------------------
| SET THE SERVER PATH
|---------------------------------------------------------------
|
| A bare folder name is anchored to this file's directory so that the
| includes below do not depend on the working directory. A value that
| already contains a slash is taken as a path and only has its
| separators normalised.
|
*/
if (strpos($system_folder, '/') === false) {
    // realpath() returns false under open_basedir or for a dangling
    // symlink; the bare name is then left untouched.
    $script_dir = function_exists('realpath') ? @realpath(__DIR__) : false;
    if ($script_dir !== false) {
        $system_folder = $script_dir . '/' . $system_folder;
    }
} else {
    // Swap Windows separators for Unix ones.
    $system_folder = str_replace('\\', '/', $system_folder);
}
/*
|---------------------------------------------------------------
| DEFINE APPLICATION CONSTANTS
|---------------------------------------------------------------
|
| EXT      - The file extension of this file. Typically ".php"
| FCPATH   - The full server path to THIS file
| SELF     - The name of THIS file (typically "index.php")
| BASEPATH - The full server path to the "system" folder
| DOCROOT  - This file's directory, with a trailing separator
| APPPATH  - The path to the "application" folder
|
*/
define('EXT', '.' . pathinfo(__FILE__, PATHINFO_EXTENSION));
define('FCPATH', __FILE__);
define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
define('BASEPATH', $system_folder . '/');
// Kept as a variable: code loaded later may still read it.
$kohana_pathinfo = pathinfo(__FILE__);
define('DOCROOT', $kohana_pathinfo['dirname'] . DIRECTORY_SEPARATOR);
// is_dir() on a bare name is resolved against the current working
// directory, so APPPATH is relative in that case. Otherwise the folder
// is looked up inside the system folder, defaulting to "application".
if (is_dir($application_folder)) {
    define('APPPATH', $application_folder . '/');
} else {
    $application_folder = ($application_folder === '') ? 'application' : $application_folder;
    define('APPPATH', BASEPATH . $application_folder . '/');
}
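/*
|---------------------------------------------------------------
| CHECK DDOS
|---------------------------------------------------------------
|
| Load the request-rate guard. This is a require, not an include, so
| that a missing or unreadable guard aborts the bootstrap instead of
| emitting a warning and serving the request without it.
|
*/
require APPPATH . 'libraries/antiflood.php';
/*
|---------------------------------------------------------------
| LOAD THE FRONT CONTROLLER
|---------------------------------------------------------------
|
| Once the installer has marked the application as installed, refuse
| to run while the install controller is still reachable. Note that
| the message discloses the server path of the controller to whoever
| triggers it; logging the path and showing a generic message would be
| the quieter option.
|
*/
if (file_exists(APPPATH . '.installed') && file_exists(APPPATH . 'controllers/install.php')) {
    exit('Please delete file ' . APPPATH . 'controllers/install.php');
}
require_once BASEPATH . 'codeigniter/CodeIgniter' . EXT;
/* End of file index.php */
/* Location: ./index.php */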