lopar/AntiBK
1
0
Fork 0
Code Issues Pull Requests Releases 1 Activity

Upload code

Browse Source
This commit is contained in:
Igor Barkov (iwork)
2021-02-11 15:55:56 +02:00
parent df4832b57f
commit d0b334a426
11278 changed files with 593050 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
engline/token/bootstrap.php
+7
View File
@@ -0,0 +1,7 @@
<?
if (!function_exists("getallheaders"))
include(dirname(__FILE__)."/headers.function.php");
require_once(dirname(__FILE__)."/lpg.headers.function.php");
require_once(dirname(__FILE__)."/lpg.csrf.token.php");
?>
engline/token/headers.function.php
+12
View File
@@ -0,0 +1,12 @@
<?
function getallheaders ()
{
$headers = array();
foreach ($_SERVER as $h => $v)
{
if (preg_match_all('/HTTP_(.+)/', $h, $hp))
$headers[$hp[1][0]] = $v;
}
return $headers;
}
?>
engline/token/lpg.csrf.token.php
+27
View File
@@ -0,0 +1,27 @@
<?
function create_token ($token_key)
{
$_SESSION['token'] = md5(time().$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'].$token_key);
}
function lpg_csrf_token ($token_key, $expire_time = 5)
{
$headers = lpg_getallheaders();
if (isset($headers['X-CSRF-TOKEN']) && isset($headers['X-REQUESTED-WITH']) && ($headers['X-REQUESTED-WITH'] == 'XMLHttpRequest'))
{
$token = trim($headers['X-CSRF-TOKEN']);
if ($token == '' || $token != $_SESSION['token'])
{
error_log("[LPG_CSRF_TOKEN] Warning: CSRF Attempt! Ajax attack from site: ".(isset($_SERVER['HTTP_REFERER']) ?$_SERVER['HTTP_REFERER'] :'This site!'));
return false;
}
}
else
{
error_log("[LPG_CSRF_TOKEN] Warning: CSRF Attempt! Ajax attack from site: ".(isset($_SERVER['HTTP_REFERER']) ?$_SERVER['HTTP_REFERER'] :'This site!'));
return false;
}
return true;
}
?>
engline/token/lpg.headers.function.php
+12
View File
@@ -0,0 +1,12 @@
<?
function lpg_getallheaders ()
{
$arr = getallheaders();
$up_arr = array();
foreach ($arr as $key => $value)
$up_arr[str_replace('_', '-', strtoupper($key))] = $value;
return $up_arr;
}
?>