$secvalue) {
if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
(preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
(preg_match("/\([^>]*\"?[^)]*\)/", $secvalue)) ||
(preg_match("/\"/", $secvalue)) ||
(preg_match("/inside_mod/i", $sec_key))) {
die ("Operazione non consentita");
}
}
foreach ($_POST as $secvalue) {
if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
die ($htmltags);
}
}
// Posting from other servers in not allowed
// Fix by Quake
// Bug found by PeNdEjO
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (isset($_SERVER['HTTP_REFERER'])) {
if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
die('Posting da un altro server non consentito!');
} else {
# die('Attenzione: il tuo browser non puo inviare gli header HTTP_REFERER al website. ');
}
}
}
function jsexist(){ // controlla javascript by l.apolito 2008
global $op,$name;
if(!isset($_GET['js'])){
$querystring= @preg_replace('/'.$_SERVER['DOCUMENT_ROOT'].'/i','http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']);
if (preg_match("/modules.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza
if (preg_match("/admin.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza
echo "";
}
$js=$_GET['js'];
return $js;
}
session_start();//MODIFICHE PER GESTIONE SESSIONI
// apre database
////////////////////////
if (file_exists("config.php")) @require_once("config.php"); else $install="1";
# verifica se effettuata la configurazione
if(empty($dbname) || $istall=="1") {
die("
Sembra che Eleonline non sia stato ancora installato.
Puoi procedere cliccando qui per iniziare l'installazione