From b728b680ca3a487f81bd10d3ec6db6e211e2d410 Mon Sep 17 00:00:00 2001 
From: xisi Date: Sat, 25 Jan 2014 00:39:57 -0500 Subject: [PATCH] blah blah --- public/include/autoloader.inc.php | 11 +- public/include/classes/api.class.php | 4 +- public/include/classes/base.class.php | 5 +- public/include/classes/bitcoin.class.php | 4 +- .../include/classes/bitcoinwrapper.class.php | 5 +- public/include/classes/block.class.php | 4 +- public/include/classes/csrftoken.class.php | 4 +- public/include/classes/debug.class.php | 5 +- public/include/classes/invitation.class.php | 4 +- public/include/classes/mail.class.php | 5 +- public/include/classes/memcache_ad.class.php | 73 ++++++++++++ public/include/classes/memcached.class.php | 4 +- public/include/classes/monitoring.class.php | 4 +- public/include/classes/news.class.php | 5 +- public/include/classes/notification.class.php | 5 +- public/include/classes/payout.class.php | 4 +- public/include/classes/roundstats.class.php | 5 +- public/include/classes/setting.class.php | 4 +- public/include/classes/share.class.php | 5 +- public/include/classes/statistics.class.php | 5 +- public/include/classes/statscache.class.php | 5 +- public/include/classes/strict.class.php | 109 +++++++++++++++++- public/include/classes/template.class.php | 5 +- public/include/classes/token.class.php | 4 +- public/include/classes/tokentype.class.php | 5 +- public/include/classes/tools.class.php | 5 +- public/include/classes/transaction.class.php | 5 +- public/include/classes/user.class.php | 7 +- public/include/classes/worker.class.php | 4 +- public/include/config/admin_settings.inc.php | 4 +- public/include/config/error_codes.inc.php | 4 +- public/include/config/global.inc.dist.php | 17 ++- public/include/config/memcache_keys.inc.php | 4 +- public/include/database.inc.php | 10 +- public/include/pages/about.inc.php | 5 +- public/include/pages/about/api.inc.php | 4 +- public/include/pages/about/donors.inc.php | 4 +- public/include/pages/about/pool.inc.php | 5 +- public/include/pages/about/pplns.inc.php | 5 +- 
public/include/pages/account.inc.php | 4 +- public/include/pages/account/confirm.inc.php | 4 +- public/include/pages/account/edit.inc.php | 20 ++-- .../include/pages/account/invitations.inc.php | 4 +- .../pages/account/notifications.inc.php | 3 +- public/include/pages/account/qrcode.inc.php | 3 +- .../pages/account/reset_failed.inc.php | 4 +- .../pages/account/transactions.inc.php | 3 +- public/include/pages/account/unlock.inc.php | 4 +- public/include/pages/account/workers.inc.php | 3 +- public/include/pages/admin.inc.php | 4 +- public/include/pages/admin/dashboard.inc.php | 4 +- public/include/pages/admin/monitoring.inc.php | 4 +- public/include/pages/admin/news.inc.php | 4 +- public/include/pages/admin/news_edit.inc.php | 4 +- .../include/pages/admin/poolworkers.inc.php | 3 +- public/include/pages/admin/reports.inc.php | 4 +- public/include/pages/admin/settings.inc.php | 4 +- public/include/pages/admin/templates.inc.php | 4 +- .../include/pages/admin/transactions.inc.php | 4 +- public/include/pages/admin/user.inc.php | 4 +- public/include/pages/admin/wallet.inc.php | 4 +- public/include/pages/api.inc.php | 4 +- .../include/pages/api/getblockcount.inc.php | 4 +- .../include/pages/api/getblocksfound.inc.php | 4 +- .../include/pages/api/getblockstats.inc.php | 4 +- .../pages/api/getcronjobstatus.inc.php | 4 +- .../pages/api/getcurrentworkers.inc.php | 4 +- .../pages/api/getdashboarddata.inc.php | 4 +- .../include/pages/api/getdifficulty.inc.php | 4 +- .../pages/api/getestimatedtime.inc.php | 4 +- .../pages/api/gethourlyhashrates.inc.php | 4 +- .../include/pages/api/getnavbardata.inc.php | 4 +- .../include/pages/api/getpoolhashrate.inc.php | 4 +- public/include/pages/api/getpoolinfo.inc.php | 4 +- .../pages/api/getpoolsharerate.inc.php | 4 +- .../include/pages/api/getpoolstatus.inc.php | 4 +- .../pages/api/gettimesincelastblock.inc.php | 4 +- .../pages/api/gettopcontributors.inc.php | 4 +- .../include/pages/api/getuserbalance.inc.php | 4 +- 
.../include/pages/api/getuserhashrate.inc.php | 4 +- .../pages/api/getusersharerate.inc.php | 4 +- .../include/pages/api/getuserstatus.inc.php | 4 +- .../pages/api/getusertransactions.inc.php | 4 +- .../include/pages/api/getuserworkers.inc.php | 4 +- public/include/pages/api/public.inc.php | 4 +- public/include/pages/contactform.inc.php | 4 +- .../pages/contactform/contactform.inc.php | 4 +- public/include/pages/dashboard.inc.php | 4 +- public/include/pages/error.inc.php | 5 +- public/include/pages/error/404.inc.php | 5 +- public/include/pages/error/ratelimit.inc.php | 6 + public/include/pages/gettingstarted.inc.php | 5 +- public/include/pages/home.inc.php | 4 +- public/include/pages/login.inc.php | 4 +- public/include/pages/logout.inc.php | 13 ++- public/include/pages/news.inc.php | 4 +- public/include/pages/password.inc.php | 5 +- public/include/pages/password/change.inc.php | 5 +- public/include/pages/password/reset.inc.php | 4 +- public/include/pages/register.inc.php | 4 +- .../include/pages/register/register.inc.php | 3 +- public/include/pages/statistics.inc.php | 5 +- .../pages/statistics/blockfinder.inc.php | 4 +- .../include/pages/statistics/blocks.inc.php | 4 +- .../include/pages/statistics/graphs.inc.php | 4 +- public/include/pages/statistics/pool.inc.php | 4 +- public/include/pages/statistics/round.inc.php | 4 +- .../include/pages/statistics/uptime.inc.php | 4 +- public/include/pages/tac.inc.php | 3 +- public/include/pages/tacpop.inc.php | 3 +- public/include/smarty.inc.php | 5 +- public/include/smarty_globals.inc.php | 4 +- public/include/version.inc.php | 6 +- public/index.php | 85 +++++++++++--- .../mpos/error/ratelimit/default.tpl | 6 + 115 files changed, 405 insertions(+), 386 deletions(-) create mode 100644 public/include/classes/memcache_ad.class.php create mode 100644 public/include/pages/error/ratelimit.inc.php create mode 100644 public/templates/mpos/error/ratelimit/default.tpl 
diff --git a/public/include/autoloader.inc.php b/public/include/autoloader.inc.php
index 2359446e..70871ac6 100644
--- a/public/include/autoloader.inc.php
+++ b/public/include/autoloader.inc.php
@@ -1,7 +1,6 @@ Set a new SECURITY value to continue") : 0;
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // SHA/Scrypt check
 if (empty($config['algorithm']) || $config['algorithm'] == 'scrypt') {
@@ -9,13 +8,13 @@ if (empty($config['algorithm']) || $config['algorithm'] == 'scrypt') {
 } else {
 $config['target_bits'] = 32;
 }
-if ($config['strict']) {
- require_once(CLASS_DIR . '/strict.class.php');
-}
 // Default classes
 require_once(CLASS_DIR . '/debug.class.php');
 require_once(INCLUDE_DIR . '/lib/KLogger.php');
+if ($config['strict']) {
+ require_once(CLASS_DIR . '/strict.class.php');
+}
 require_once(INCLUDE_DIR . '/database.inc.php');
 require_once(INCLUDE_DIR . '/config/memcache_keys.inc.php');
 require_once(INCLUDE_DIR . '/config/error_codes.inc.php');
diff --git a/public/include/classes/api.class.php b/public/include/classes/api.class.php
index 336ba2bc..be57fbbf 100644
--- a/public/include/classes/api.class.php
+++ b/public/include/classes/api.class.php
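Review bot: The new guard in the first hunk, `$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;`, hides a control-flow exit inside a ternary and keeps a `$defflip` value that nothing visible reads; `header()` returns no value, so the argument handed to `exit` is only its null result. A plain statement reads as what it is: `if (!cfip()) { header('HTTP/1.1 401 Unauthorized'); exit; }`. `cfip()` is defined outside this hunk, so whether it fails closed when its configuration is absent cannot be checked here; a one-line comment above the guard naming where it is defined and what it verifies would help the next reader. The removed line of this hunk is only partly visible in the extracted patch.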
@@ -1,7 +1,5 @@ '',
+ 'last_hit' => 0,
+ 'last_flush' => 0,
+ 'hits_since_flush' => 0
+ );
+ public $rate_limit_this_request = false;
+ public function __construct($config, $userORip, $request, $mcSettings) {
+ if (PHP_OS == 'WINNT') {
+ require_once('memcached.class.php');
+ }
+ $this->cache = new Memcached();
+ $this->cache->addServer($mcSettings['host'], $mcSettings['port']);
+ // set our config options
+ $per_page = $config['per_page'];
+ $flush_sec = $config['flush_seconds'];
+ $rate_limit = $config['rate_limit'];
+ unset($config);
+ // prep stuff we need to check this request
+ $key_md5 = substr(md5($userORip), 0, 4);
+ $request_md5 = substr(md5($request), 0, 4);
+ $request_key = $mcSettings['keyprefix'].self::$key.$key_md5."_".$request_md5."_".$per_page;
+ $request_data = $this->cache->get($request_key);
+ $now = time();
+ // check the request
+ if (is_array($request_data)) {
+ // this request key already exists, update it
+ $request_data['ident'] = $key_md5;
+ $request_data['last_hit'] = $now;
+ $request_data['hits_since_flush'] += 1;
+ // not rate limited yet, update the rest of the object
+ if ($request_data['hits_since_flush'] < $rate_limit) {
+ if (($request_data['last_flush'] + $flush_sec) <= $now || ($request_data['last_hit'] + $flush_sec) <= $now) {
+ // needs to be flushed
+ $request_data['hits_since_flush'] = 0;
+ $request_data['last_hit'] = 0;
+ $request_data['last_flush'] = $now;
+ // update the object
+ $this->cache->set($request_key, $request_data, $flush_sec);
+ $this->rate_limit_this_request = false;
+ } else {
+ // no flush, just update
+ $this->cache->set($request_key, $request_data, $flush_sec);
+ $this->rate_limit_this_request = false;
+ }
+ } else {
+ // too many hits, we should rate limit this
+ $this->rate_limit_this_request = true;
+ }
+ } else {
+ // doesn't exist for this request_key, create one
+ $new_data = self::$request_model;
+ $new_data['ident'] = $key_md5;
+ $new_data['last_hit'] = time();
+ $new_data['hits_since_flush'] = 1;
+ $new_data['last_flush'] = $now;
+ $this->cache->set($request_key, $new_data, $flush_sec);
+ $this->rate_limit_this_request = false;
+ }
+ }
+ public function rateLimitRequest() {
+ return $this->rate_limit_this_request;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/public/include/classes/memcached.class.php b/public/include/classes/memcached.class.php
index 2f431337..55a66c67 100644
--- a/public/include/classes/memcached.class.php
+++ b/public/include/classes/memcached.class.php
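Review bot: The bucket key is built from `substr(md5($userORip), 0, 4)` and `substr(md5($request), 0, 4)`, sixteen bits each, so unrelated users or IPs land in the same counter and one busy client gets others rate-limited while its own quota is split across buckets; use the full digests, `$key_md5 = md5($userORip);` and `$request_md5 = md5($request);`, after which the `ident` field, which is written but never compared, can go. `Memcached::get()` also returns false both for a missing key and for an unreachable server, so the `else` branch recreates the entry and the limiter fails open whenever memcached is down; if fail-closed is intended, treat a false as "new client" only when `$this->cache->getResultCode() === Memcached::RES_NOTFOUND`, and check the return value of `addServer()`. Minor: the new entry sets `last_hit` from `time()` while every other field uses `$now`. The file header and the start of this hunk are not visible in the extracted patch.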
@@ -1,7 +1,5 @@ bind_address !== $this->server_http_host) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ public function verify_client($ip) {
+ if ($this->started && $this->memcache_handle !== null && $this->verify_server()) {
+ $read_client = $this->memcache_handle->get(md5((string)$ip));
+ if ($read_client !== false) {
+ if (md5((string)$ip) !== $read_client[0]) {
+ return false;
+ } else {
+ return true;
+ }
+ } else {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
+
+ public function update_client($ip) {
+ if ($this->started && $this->memcache_handle !== null && $this->verify_client($ip)) {
+ $this->memcache_handle->set(md5((string)$ip), array($this->current_session_id, time()));
+ }
+ }
+
+ public function set_cookie() {
+ if ($this->started && $this->memcache_handle !== null && $this->verify_server() && $this->verify_client($ip)) {
+ @setcookie(session_name(), session_id(), $this->config_dura, $this->config_path, $this->config_domain, $this->config_secure, $this->config_httponly);
+ }
+ }
+
+ public function destroy_session($ip) {
+ if ($this->started && $this->verify_server() && $this->verify_client($ip)) {
+ $this->memcache_handle->delete(md5((string)$ip));
+ if (ini_get('session.use_cookies')) {
+ setcookie(session_name(), '', time() - 42000, $config_path, $config_domain, $config_secure, $config_httponly);
+ }
+ session_destroy();
+ session_regenerate_id(true);
+ }
+ }
 public function create_session($ip) {
- // TODO: put memcache rate limiting into here
+ if (!$this->verify_server()) {
+ return false;
+ } else {
+ $session_start = @session_start();
+ if (!$session_start) {
+ session_destroy();
+ session_regenerate_id(true);
+ session_start();
+ $this->update_client($ip);
+ $this->started = true;
+ $this->current_session_id = session_id();
+ $this->set_cookie();
+ return true;
+ } else {
+ if ($this->verify_server() && $this->verify_client($ip)) {
+ $this->update_client($ip);
+ return true;
+ }
+ }
+ }
+ }
+
+ public function __construct($config, $server_host) {
+ $this->config_dura = $config['cookie']['duration'];
+ $this->config_path = $config['cookie']['path'];
+ $this->config_domain = $config['cookie']['domain'];
+ $this->config_secure = $config['cookie']['secure'];
+ $this->config_httponly = $config['cookie']['httponly'];
+ if ($config['strict__enforce_ssl']) $config['strict__bind_protocol'] = 'https';
+ $this->bind_address = $config['strict__bind_protocol']."://".$config['strict__bind_host'].":".$config['strict__bind_port'];
+ $this->server_http_host = $config['strict__bind_protocol']."://".$_SERVER['HTTP_HOST'].":".$config['strict__bind_port'];
+ unset($config);
+ $this->set_cookie_params((time()+$this->config_dura), $this->config_path, $this->config_domain, $this->config_secure, $this->config_httponly);
 }
 }
@@ -30,11 +129,11 @@ class mysqli_strict extends mysqli {
 break;
 case 'd':
 $return_dbl = filter_var($acopy[$i], FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);
- return ($return_dbl !== null) ? (double)$return_dbl : false;
+ return ($return_dbl !== null) ? (float)$return_dbl : false;
 break;
 case 'b':
 $return_bool = filter_var($acopy[$i], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
- return ($return_bool !== null) ? (boolean)$return_bool : false;
+ return ($return_bool !== null) ? (bool)$return_bool : false;
 break;
 }
 }
diff --git a/public/include/classes/template.class.php b/public/include/classes/template.class.php
index fe03fe7b..b297c528 100644
--- a/public/include/classes/template.class.php
+++ b/public/include/classes/template.class.php
@@ -1,8 +1,5 @@ getThemes();
diff --git a/public/include/config/error_codes.inc.php b/public/include/config/error_codes.inc.php
index 9083cf3d..50c4db24 100644
--- a/public/include/config/error_codes.inc.php
+++ b/public/include/config/error_codes.inc.php
@@ -1,7 +1,5 @@ assign("CONTENT", "default.tpl");
diff --git a/public/include/pages/about/api.inc.php b/public/include/pages/about/api.inc.php
index d0eb55e7..ac4117c0 100644
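Review bot: `verify_client()` compares `md5((string)$ip)` with `$read_client[0]`, but `update_client()` stores `array($this->current_session_id, time())` under that key, so an IP hash is compared with a session id and the check can never pass; because `update_client()` itself requires `verify_client()` to succeed before it writes, the binding is never created either, and the success path of `create_session()` then falls off the end without a return value. Three more slips in the same hunk: `set_cookie()` reads `$ip` without declaring a parameter, `destroy_session()` passes bare `$config_path`, `$config_domain`, `$config_secure`, `$config_httponly` instead of the `$this->config_*` properties (so the clearing cookie may not match the one that was set), and in the failure branch of `create_session()` `update_client($ip)` runs before `$this->started` and `$this->current_session_id` are assigned. The rewrite below checks the stored session id against the current one, lets `update_client()` write once a session exists, and reorders the failure branch; `verify_server()` begins before the visible part of this hunk and `set_cookie_params()` is not visible here.
```php
  public function verify_client($ip) {
    if (!$this->started || $this->memcache_handle === null || !$this->verify_server()) {
      return false;
    }
    $read_client = $this->memcache_handle->get(md5((string)$ip));
    // entry is array(session_id, last_seen): the session must be the one created from this IP
    return is_array($read_client) && $read_client[0] === session_id();
  }

  public function update_client($ip) {
    // written once a session exists so verify_client() has a binding to compare against
    if ($this->started && $this->memcache_handle !== null) {
      $this->memcache_handle->set(md5((string)$ip), array($this->current_session_id, time()));
    }
  }

  public function set_cookie($ip) {
    // … unchanged apart from the added $ip parameter …
  }

  public function destroy_session($ip) {
    // … unchanged: verify, delete binding …
      setcookie(session_name(), '', time() - 42000, $this->config_path, $this->config_domain, $this->config_secure, $this->config_httponly);
    // … unchanged: session_destroy(), session_regenerate_id(true) …
  }

  public function create_session($ip) {
    // … unchanged: verify_server(), @session_start() …
      session_start();
      $this->started = true;
      $this->current_session_id = session_id();
      $this->update_client($ip);
      $this->set_cookie($ip);
      return true;
    // … unchanged: success path …
  }
```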
--- a/public/include/pages/about/api.inc.php +++ b/public/include/pages/about/api.inc.php @@ -1,7 +1,5 @@ assign("CONTENT", "default.tpl"); diff --git a/public/include/pages/about/donors.inc.php b/public/include/pages/about/donors.inc.php index 0d4213f7..2e20f761 100644 --- a/public/include/pages/about/donors.inc.php +++ b/public/include/pages/about/donors.inc.php @@ -1,7 +1,5 @@ getValue('disable_donors')) { $_SESSION['POPUP'][] = array('CONTENT' => 'Donors are currently disabled. Please try again later.', 'TYPE' => 'errormsg'); diff --git a/public/include/pages/about/pool.inc.php b/public/include/pages/about/pool.inc.php index 20c860f0..0450f7ef 100644 --- a/public/include/pages/about/pool.inc.php +++ b/public/include/pages/about/pool.inc.php @@ -1,8 +1,5 @@ getValue('disable_about')) { $_SESSION['POPUP'][] = array('CONTENT' => 'Donors are currently disabled. Please try again later.', 'TYPE' => 'errormsg'); diff --git a/public/include/pages/about/pplns.inc.php b/public/include/pages/about/pplns.inc.php index aecab054..ac4117c0 100644 --- a/public/include/pages/about/pplns.inc.php +++ b/public/include/pages/about/pplns.inc.php @@ -1,8 +1,5 @@ assign("CONTENT", "default.tpl"); diff --git a/public/include/pages/account.inc.php b/public/include/pages/account.inc.php index 9e43518e..f3ce16c5 100644 --- a/public/include/pages/account.inc.php +++ b/public/include/pages/account.inc.php @@ -1,7 +1,5 @@ isAuthenticated()) { // Tempalte specifics diff --git a/public/include/pages/account/confirm.inc.php b/public/include/pages/account/confirm.inc.php index 829abcb7..6d175281 100644 --- a/public/include/pages/account/confirm.inc.php +++ b/public/include/pages/account/confirm.inc.php 
@@ -1,7 +1,5 @@ isAuthenticated() && $config['twofactor']['enabled']) { (!empty($wfprep_sent) && empty($wfprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $message_tokensent_invalid.$messages_tokensent_status['wf'], 'TYPE' => 'success'):""; (!empty($cpprep_sent) && !empty($cpprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $cpprep_sent, 'TYPE' => 'success'):""; (!empty($cpprep_sent) && empty($cpprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $message_tokensent_invalid.$messages_tokensent_status['cp'], 'TYPE' => 'success'):""; + // two-factor stuff + $smarty->assign("CHANGEPASSUNLOCKED", $cp_editable); + $smarty->assign("WITHDRAWUNLOCKED", $wf_editable); + $smarty->assign("DETAILSUNLOCKED", $ea_editable); + $smarty->assign("CHANGEPASSSENT", $cp_sent); + $smarty->assign("WITHDRAWSENT", $wf_sent); + $smarty->assign("DETAILSSENT", $ea_sent); } -// two-factor stuff -$smarty->assign("CHANGEPASSUNLOCKED", $cp_editable); -$smarty->assign("WITHDRAWUNLOCKED", $wf_editable); -$smarty->assign("DETAILSUNLOCKED", $ea_editable); -$smarty->assign("CHANGEPASSSENT", $cp_sent); -$smarty->assign("WITHDRAWSENT", $wf_sent); -$smarty->assign("DETAILSSENT", $ea_sent); + $smarty->assign("DONATE_THRESHOLD", $config['donate_threshold']); // Tempalte specifics diff --git a/public/include/pages/account/invitations.inc.php b/public/include/pages/account/invitations.inc.php index 0ceb15a8..4020cfd1 100644 --- a/public/include/pages/account/invitations.inc.php +++ b/public/include/pages/account/invitations.inc.php @@ -1,7 +1,5 @@ isAuthenticated()) { if (!$setting->getValue('disable_invitations')) { diff --git a/public/include/pages/account/notifications.inc.php b/public/include/pages/account/notifications.inc.php index 0d0fe7e4..4b180f02 100644 --- a/public/include/pages/account/notifications.inc.php +++ b/public/include/pages/account/notifications.inc.php 
@@ -1,7 +1,6 @@ isAuthenticated()) { if ($setting->getValue('disable_notifications') == 1) { $_SESSION['POPUP'][] = array('CONTENT' => 'Notification system disabled by admin.', 'TYPE' => 'info'); diff --git a/public/include/pages/account/qrcode.inc.php b/public/include/pages/account/qrcode.inc.php index a6543dc5..3171ded7 100644 --- a/public/include/pages/account/qrcode.inc.php +++ b/public/include/pages/account/qrcode.inc.php @@ -1,6 +1,5 @@ isAuthenticated()) $smarty->assign("CONTENT", "default.tpl"); ?> diff --git a/public/include/pages/account/reset_failed.inc.php b/public/include/pages/account/reset_failed.inc.php index ef30938f..97a08239 100644 --- a/public/include/pages/account/reset_failed.inc.php +++ b/public/include/pages/account/reset_failed.inc.php @@ -1,7 +1,5 @@ isAuthenticated()) { // Reset failed login counter diff --git a/public/include/pages/account/transactions.inc.php b/public/include/pages/account/transactions.inc.php index 72534881..4509b399 100644 --- a/public/include/pages/account/transactions.inc.php +++ b/public/include/pages/account/transactions.inc.php @@ -1,7 +1,6 @@ isAuthenticated()) { $iLimit = 30; empty($_REQUEST['start']) ? $start = 0 : $start = $_REQUEST['start']; diff --git a/public/include/pages/account/unlock.inc.php b/public/include/pages/account/unlock.inc.php index b9d5763b..71c400d1 100644 --- a/public/include/pages/account/unlock.inc.php +++ b/public/include/pages/account/unlock.inc.php @@ -1,7 +1,5 @@ isAuthenticated()) { switch (@$_REQUEST['do']) { diff --git a/public/include/pages/admin.inc.php b/public/include/pages/admin.inc.php index 40abecde..b5067a9f 100644 --- a/public/include/pages/admin.inc.php +++ b/public/include/pages/admin.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/dashboard.inc.php b/public/include/pages/admin/dashboard.inc.php index d5de5f7b..572914f9 100644 --- a/public/include/pages/admin/dashboard.inc.php 
+++ b/public/include/pages/admin/dashboard.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/monitoring.inc.php b/public/include/pages/admin/monitoring.inc.php index 08efaee4..e720f776 100644 --- a/public/include/pages/admin/monitoring.inc.php +++ b/public/include/pages/admin/monitoring.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/news.inc.php b/public/include/pages/admin/news.inc.php index df0bb2fc..36734294 100644 --- a/public/include/pages/admin/news.inc.php +++ b/public/include/pages/admin/news.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/news_edit.inc.php b/public/include/pages/admin/news_edit.inc.php index 81cfcb56..8549533b 100644 --- a/public/include/pages/admin/news_edit.inc.php +++ b/public/include/pages/admin/news_edit.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/poolworkers.inc.php b/public/include/pages/admin/poolworkers.inc.php index 814d6c07..24cb675c 100644 --- a/public/include/pages/admin/poolworkers.inc.php +++ b/public/include/pages/admin/poolworkers.inc.php @@ -1,6 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/reports.inc.php b/public/include/pages/admin/reports.inc.php index 5225461c..3139234c 100644 --- a/public/include/pages/admin/reports.inc.php +++ b/public/include/pages/admin/reports.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/settings.inc.php b/public/include/pages/admin/settings.inc.php index fe9bc380..6fb477ea 100644 --- a/public/include/pages/admin/settings.inc.php +++ b/public/include/pages/admin/settings.inc.php 
@@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/templates.inc.php b/public/include/pages/admin/templates.inc.php index b3c101ea..8f67611d 100644 --- a/public/include/pages/admin/templates.inc.php +++ b/public/include/pages/admin/templates.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/transactions.inc.php b/public/include/pages/admin/transactions.inc.php index 7e95092e..37afac7b 100644 --- a/public/include/pages/admin/transactions.inc.php +++ b/public/include/pages/admin/transactions.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/user.inc.php b/public/include/pages/admin/user.inc.php index 955d9cd8..5971dc9a 100644 --- a/public/include/pages/admin/user.inc.php +++ b/public/include/pages/admin/user.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/admin/wallet.inc.php b/public/include/pages/admin/wallet.inc.php index c7e821c8..909d05ef 100644 --- a/public/include/pages/admin/wallet.inc.php +++ b/public/include/pages/admin/wallet.inc.php @@ -1,7 +1,5 @@ isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { diff --git a/public/include/pages/api.inc.php b/public/include/pages/api.inc.php index c85ada42..01cd20f5 100644 --- a/public/include/pages/api.inc.php +++ b/public/include/pages/api.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getblockcount.inc.php b/public/include/pages/api/getblockcount.inc.php index 978a7142..5000afdd 100644 --- a/public/include/pages/api/getblockcount.inc.php +++ b/public/include/pages/api/getblockcount.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getblocksfound.inc.php b/public/include/pages/api/getblocksfound.inc.php index de2918f6..d280b266 100644 
--- a/public/include/pages/api/getblocksfound.inc.php +++ b/public/include/pages/api/getblocksfound.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getblockstats.inc.php b/public/include/pages/api/getblockstats.inc.php index 9d6200d5..725ad628 100644 --- a/public/include/pages/api/getblockstats.inc.php +++ b/public/include/pages/api/getblockstats.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getcronjobstatus.inc.php b/public/include/pages/api/getcronjobstatus.inc.php index 8dab4f09..b932b8dd 100644 --- a/public/include/pages/api/getcronjobstatus.inc.php +++ b/public/include/pages/api/getcronjobstatus.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getcurrentworkers.inc.php b/public/include/pages/api/getcurrentworkers.inc.php index 837b75ef..4b142822 100644 --- a/public/include/pages/api/getcurrentworkers.inc.php +++ b/public/include/pages/api/getcurrentworkers.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getdashboarddata.inc.php b/public/include/pages/api/getdashboarddata.inc.php index b5a73801..9f7c6844 100644 --- a/public/include/pages/api/getdashboarddata.inc.php +++ b/public/include/pages/api/getdashboarddata.inc.php @@ -1,7 +1,5 @@ getValue('disable_dashboard_api')) { diff --git a/public/include/pages/api/getdifficulty.inc.php b/public/include/pages/api/getdifficulty.inc.php index 95805548..7cc88766 100644 --- a/public/include/pages/api/getdifficulty.inc.php +++ b/public/include/pages/api/getdifficulty.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getestimatedtime.inc.php b/public/include/pages/api/getestimatedtime.inc.php index 91ed811d..5d529545 100644 --- a/public/include/pages/api/getestimatedtime.inc.php +++ b/public/include/pages/api/getestimatedtime.inc.php @@ -1,7 +1,5 @@ isActive(); 
diff --git a/public/include/pages/api/gethourlyhashrates.inc.php b/public/include/pages/api/gethourlyhashrates.inc.php index d9dfea0a..c6c7f670 100644 --- a/public/include/pages/api/gethourlyhashrates.inc.php +++ b/public/include/pages/api/gethourlyhashrates.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getnavbardata.inc.php b/public/include/pages/api/getnavbardata.inc.php index a412f984..f043a7c1 100644 --- a/public/include/pages/api/getnavbardata.inc.php +++ b/public/include/pages/api/getnavbardata.inc.php @@ -1,7 +1,5 @@ getValue('disable_navbar_api')) { diff --git a/public/include/pages/api/getpoolhashrate.inc.php b/public/include/pages/api/getpoolhashrate.inc.php index a5985d44..bb6fe8ea 100644 --- a/public/include/pages/api/getpoolhashrate.inc.php +++ b/public/include/pages/api/getpoolhashrate.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getpoolinfo.inc.php b/public/include/pages/api/getpoolinfo.inc.php index 66d87004..217a2224 100644 --- a/public/include/pages/api/getpoolinfo.inc.php +++ b/public/include/pages/api/getpoolinfo.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getpoolsharerate.inc.php b/public/include/pages/api/getpoolsharerate.inc.php index a55654be..8b8977e5 100644 --- a/public/include/pages/api/getpoolsharerate.inc.php +++ b/public/include/pages/api/getpoolsharerate.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getpoolstatus.inc.php b/public/include/pages/api/getpoolstatus.inc.php index ea053dcb..a364a45b 100644 --- a/public/include/pages/api/getpoolstatus.inc.php +++ b/public/include/pages/api/getpoolstatus.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/gettimesincelastblock.inc.php b/public/include/pages/api/gettimesincelastblock.inc.php index c0de01f8..e586beac 100644 --- a/public/include/pages/api/gettimesincelastblock.inc.php +++ b/public/include/pages/api/gettimesincelastblock.inc.php 
@@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/gettopcontributors.inc.php b/public/include/pages/api/gettopcontributors.inc.php index 0b22faee..e5bc7e6f 100644 --- a/public/include/pages/api/gettopcontributors.inc.php +++ b/public/include/pages/api/gettopcontributors.inc.php @@ -1,7 +1,5 @@ checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); diff --git a/public/include/pages/api/getuserbalance.inc.php b/public/include/pages/api/getuserbalance.inc.php index d91c6865..e46901bb 100644 --- a/public/include/pages/api/getuserbalance.inc.php +++ b/public/include/pages/api/getuserbalance.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getuserhashrate.inc.php b/public/include/pages/api/getuserhashrate.inc.php index 1b1d5250..13f61a8c 100644 --- a/public/include/pages/api/getuserhashrate.inc.php +++ b/public/include/pages/api/getuserhashrate.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getusersharerate.inc.php b/public/include/pages/api/getusersharerate.inc.php index c1edb01e..86b3c762 100644 --- a/public/include/pages/api/getusersharerate.inc.php +++ b/public/include/pages/api/getusersharerate.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getuserstatus.inc.php b/public/include/pages/api/getuserstatus.inc.php index c17bb77f..df514c9a 100644 --- a/public/include/pages/api/getuserstatus.inc.php +++ b/public/include/pages/api/getuserstatus.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getusertransactions.inc.php b/public/include/pages/api/getusertransactions.inc.php index 08517d2d..403ff929 100644 --- a/public/include/pages/api/getusertransactions.inc.php +++ b/public/include/pages/api/getusertransactions.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/getuserworkers.inc.php b/public/include/pages/api/getuserworkers.inc.php index 089e227d..69a8122a 100644 
--- a/public/include/pages/api/getuserworkers.inc.php +++ b/public/include/pages/api/getuserworkers.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/api/public.inc.php b/public/include/pages/api/public.inc.php index f465d1a8..c6b128d6 100644 --- a/public/include/pages/api/public.inc.php +++ b/public/include/pages/api/public.inc.php @@ -1,7 +1,5 @@ isActive(); diff --git a/public/include/pages/contactform.inc.php b/public/include/pages/contactform.inc.php index b961cfb2..fdbf26da 100644 --- a/public/include/pages/contactform.inc.php +++ b/public/include/pages/contactform.inc.php @@ -1,7 +1,5 @@ getValue('disable_contactform')) { $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is currently disabled. Please try again later.', 'TYPE' => 'errormsg'); diff --git a/public/include/pages/contactform/contactform.inc.php b/public/include/pages/contactform/contactform.inc.php index 19916321..f0aa6f9f 100644 --- a/public/include/pages/contactform/contactform.inc.php +++ b/public/include/pages/contactform/contactform.inc.php @@ -1,7 +1,5 @@ getValue('recaptcha_enabled')) { // Load re-captcha specific data diff --git a/public/include/pages/dashboard.inc.php b/public/include/pages/dashboard.inc.php index f835f6e7..7047cfb8 100644 --- a/public/include/pages/dashboard.inc.php +++ b/public/include/pages/dashboard.inc.php @@ -1,7 +1,5 @@ isAuthenticated()) { if (! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; diff --git a/public/include/pages/error.inc.php b/public/include/pages/error.inc.php index aecab054..ac4117c0 100644 --- a/public/include/pages/error.inc.php +++ b/public/include/pages/error.inc.php @@ -1,8 +1,5 @@ assign("CONTENT", "default.tpl"); diff --git a/public/include/pages/error/404.inc.php b/public/include/pages/error/404.inc.php index aecab054..ac4117c0 100644 --- a/public/include/pages/error/404.inc.php +++ b/public/include/pages/error/404.inc.php @@ -1,8 +1,5 @@ assign("CONTENT", "default.tpl"); 
diff --git a/public/include/pages/error/ratelimit.inc.php b/public/include/pages/error/ratelimit.inc.php new file mode 100644 index 00000000..89cd2920 --- /dev/null +++ b/public/include/pages/error/ratelimit.inc.php @@ -0,0 +1,6 @@ +assign("CONTENT", "default.tpl"); +?> \ No newline at end of file diff --git a/public/include/pages/gettingstarted.inc.php b/public/include/pages/gettingstarted.inc.php index e7de19b8..b6f63bc7 100644 --- a/public/include/pages/gettingstarted.inc.php +++ b/public/include/pages/gettingstarted.inc.php @@ -1,8 +1,5 @@ assign("SITESTRATUMURL", $config['gettingstarted']['stratumurl']); $smarty->assign("SITESTRATUMPORT", $config['gettingstarted']['stratumport']); diff --git a/public/include/pages/home.inc.php b/public/include/pages/home.inc.php index 99c01c04..72a29af7 100644 --- a/public/include/pages/home.inc.php +++ b/public/include/pages/home.inc.php @@ -1,7 +1,5 @@ getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_logins')) { diff --git a/public/include/pages/logout.inc.php b/public/include/pages/logout.inc.php index 30425851..457c7b50 100644 --- a/public/include/pages/logout.inc.php +++ b/public/include/pages/logout.inc.php @@ -1,10 +1,11 @@ logoutUser(); +if ($config['strict']) { + $session->destroy_session($_SERVER['REMOTE_ADDR']); + $user->logoutUser(); +} else { + $user->logoutUser(); +} $smarty->assign("CONTENT", "default.tpl"); ?> diff --git a/public/include/pages/news.inc.php b/public/include/pages/news.inc.php index 6e7a90c7..51630e9b 100644 --- a/public/include/pages/news.inc.php +++ b/public/include/pages/news.inc.php @@ -1,7 +1,5 @@ assign("CONTENT", "default.tpl"); diff --git a/public/include/pages/password/change.inc.php b/public/include/pages/password/change.inc.php index f622363b..938ed51b 100644 --- a/public/include/pages/password/change.inc.php +++ b/public/include/pages/password/change.inc.php @@ -1,8 +1,5 @@ valid) { if (isset($_POST['do']) && $_POST['do'] == 'resetPassword') { 
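Review bot: Both branches of the new `if ($config['strict'])` in logout.inc.php call `$user->logoutUser()`, so the conditional only decides whether `destroy_session()` runs first; `if ($config['strict']) { $session->destroy_session($_SERVER['REMOTE_ADDR']); } $user->logoutUser();` says the same with a single call. Note that `destroy_session()` as added to strict.class.php in this patch only deletes the memcache binding and calls `session_destroy()` when `verify_client()` passes, so on a failed binding check the strict branch leaves both in place and logout depends entirely on what `logoutUser()` does, which is not visible here. The removed line of this hunk is only partly visible in the extracted patch.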
diff --git a/public/include/pages/password/reset.inc.php b/public/include/pages/password/reset.inc.php index 0fa2303d..c06c21b6 100644 --- a/public/include/pages/password/reset.inc.php +++ b/public/include/pages/password/reset.inc.php @@ -1,7 +1,5 @@ valid) { diff --git a/public/include/pages/register.inc.php b/public/include/pages/register.inc.php index 15d077fe..da9ec064 100644 --- a/public/include/pages/register.inc.php +++ b/public/include/pages/register.inc.php @@ -1,7 +1,5 @@ getValue('lock_registration') && $setting->getValue('disable_invitations')) { $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg'); diff --git a/public/include/pages/register/register.inc.php b/public/include/pages/register/register.inc.php index 9f2ad8b6..31afe78d 100644 --- a/public/include/pages/register/register.inc.php +++ b/public/include/pages/register/register.inc.php @@ -1,6 +1,5 @@ getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_registrations')) { diff --git a/public/include/pages/statistics.inc.php b/public/include/pages/statistics.inc.php index 3f63e870..ca100ea4 100644 --- a/public/include/pages/statistics.inc.php +++ b/public/include/pages/statistics.inc.php @@ -1,8 +1,5 @@ isCached('master.tpl', $smarty_cache_key)) { $debug->append('No cached version available, fetching from backend', 3); diff --git a/public/include/pages/statistics/blockfinder.inc.php b/public/include/pages/statistics/blockfinder.inc.php index f471afdf..6773e920 100644 --- a/public/include/pages/statistics/blockfinder.inc.php +++ b/public/include/pages/statistics/blockfinder.inc.php @@ -1,7 +1,5 @@ isCached('master.tpl', $smarty_cache_key)) { diff --git a/public/include/pages/statistics/blocks.inc.php b/public/include/pages/statistics/blocks.inc.php index 12f034c0..fb580b8f 100644 --- a/public/include/pages/statistics/blocks.inc.php +++ b/public/include/pages/statistics/blocks.inc.php 
@@ -1,7 +1,5 @@ isCached('master.tpl', $smarty_cache_key)) {
diff --git a/public/include/pages/statistics/graphs.inc.php b/public/include/pages/statistics/graphs.inc.php
index 575ce36d..f574c1fc 100644
--- a/public/include/pages/statistics/graphs.inc.php
+++ b/public/include/pages/statistics/graphs.inc.php
@@ -1,7 +1,5 @@ isCached('master.tpl', $smarty_cache_key)) { $debug->append('No cached version available, fetching from backend', 3);
diff --git a/public/include/pages/statistics/pool.inc.php b/public/include/pages/statistics/pool.inc.php
index ae42aebc..84fb3546 100644
--- a/public/include/pages/statistics/pool.inc.php
+++ b/public/include/pages/statistics/pool.inc.php
@@ -1,7 +1,5 @@ can_connect() === true){
diff --git a/public/include/pages/statistics/round.inc.php b/public/include/pages/statistics/round.inc.php
index 4e7288d5..064dd3ee 100644
--- a/public/include/pages/statistics/round.inc.php
+++ b/public/include/pages/statistics/round.inc.php
@@ -1,7 +1,5 @@ isCached('master.tpl', $smarty_cache_key)) { $debug->append('No cached version available, fetching from backend', 3);
diff --git a/public/include/pages/statistics/uptime.inc.php b/public/include/pages/statistics/uptime.inc.php
index 81a12799..253ab76c 100644
--- a/public/include/pages/statistics/uptime.inc.php
+++ b/public/include/pages/statistics/uptime.inc.php
@@ -1,7 +1,5 @@ isCached('master.tpl', $smarty_cache_key)) { $debug->append('No cached version available, fetching from backend', 3);
diff --git a/public/include/pages/tac.inc.php b/public/include/pages/tac.inc.php
index de4542b1..cdd3e92d 100644
--- a/public/include/pages/tac.inc.php
+++ b/public/include/pages/tac.inc.php
@@ -1,6 +1,5 @@ assign("CONTENT", "default.tpl");
 ?>
diff --git a/public/include/pages/tacpop.inc.php b/public/include/pages/tacpop.inc.php
index 86087ec0..16ae6777 100644
--- a/public/include/pages/tacpop.inc.php
+++ b/public/include/pages/tacpop.inc.php
@@ -1,6 +1,5 @@ 
diff --git a/public/include/smarty.inc.php b/public/include/smarty.inc.php
index ba549af6..b3aa8e7b 100644
--- a/public/include/smarty.inc.php
+++ b/public/include/smarty.inc.php
@@ -1,8 +1,5 @@ append('Loading Smarty libraries', 2); define('SMARTY_DIR', INCLUDE_DIR . '/smarty/libs/');
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
index 87dc64e2..bb658cd1 100644
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
@@ -1,7 +1,5 @@ append('Global smarty variables', 3);
diff --git a/public/include/version.inc.php b/public/include/version.inc.php
index f1fbcf4b..6206c0a2 100644
--- a/public/include/version.inc.php
+++ b/public/include/version.inc.php
@@ -1,11 +1,9 @@ getValue('DB_VERSION');
diff --git a/public/index.php b/public/index.php
index 30279049..5ad10a73 100644
--- a/public/index.php
+++ b/public/index.php
@@ -1,5 +1,4 @@ verify_server()) {
+ $session->create_session($_SERVER['REMOTE_ADDR']);
+ if ($session->verify_client($_SERVER['REMOTE_ADDR'])) {
+ $session->update_client($_SERVER['REMOTE_ADDR']);
+ }
+ }
+} else {
+ session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
+ $session_start = @session_start();
+ if (!$session_start) {
+ session_destroy();
+ session_regenerate_id(true);
+ session_start();
+ }
+ @setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
+}
+// Rate limiting
+if ($config['memcache']['enabled'] && $config['mc_antidos']['enabled'] || $config['strict']) {
+ require_once(CLASS_DIR . '/memcache_ad.class.php');
+
+ $skip_check = false;
+ $per_page = ($config['mc_antidos']['per_page']) ? $_SERVER['QUERY_STRING'] : '';
+ // if this is an api call we need to be careful not to time them out for those calls separately
+ $ajax_call_querystrings = array(
+ 'page=api&action=getuserbalance',
+ 'page=api&action=getnavbardata',
+ 'page=api&action=getdashboarddata',
+ 'page=api&action=getuserworkers'
+ );
+ // cut off any potential extra get info from querystring and see if it's an ajax call
+ $is_ajax_call = (in_array(substr($_SERVER['QUERY_STRING'], 0, 32), $ajax_call_querystrings)) ? 
true : false;
+ if ($is_ajax_call && $config['mc_antidos']['protect_ajax']) {
+ $per_page = 'navbar';
+ } else if ($is_ajax_call && !$config['mc_antidos']['protect_ajax']) {
+ // protect isn't on, we'll ignore it
+ $skip_check = true;
+ } else if ($config['mc_antidos']['ignore_admins'] && isset($_SESSION['USERDATA']['is_admin']) && $_SESSION['USERDATA']['is_admin']) {
+ $skip_check = true;
+ }
+ if (!$skip_check) {
+ $session->memcache_handle = new MemcacheAntiDos($config['mc_antidos'], $_SERVER['REMOTE_ADDR'], $per_page, $config['memcache']);
+ $rate_limit_reached = $session->memcache_handle->rateLimitRequest();
+ $error_page = $config['mc_antidos']['error_push_page'];
+ if ($rate_limit_reached == true) {
+ if (!is_array($error_page) || count($error_page) < 1 || (empty($error_page['page']) && empty($error_page['action']))) {
+ die("You are sending too many requests too fast!");
+ } else {
+ $_REQUEST['page'] = $error_page['page'];
+ $_REQUEST['action'] = (isset($error_page['action']) && !empty($error_page['action'])) ? $error_page['action'] : $_REQUEST['action'];
+ }
+ }
+ }
+}
+ // Create our pages array from existing files if (is_dir(INCLUDE_DIR . '/pages/')) { foreach (glob(INCLUDE_DIR . '/pages/*.inc.php') as $filepath) {
@@ -118,4 +175,4 @@ if (!@$supress_master) $smarty->display($master_template, $smarty_cache_key); // Unset any temporary values here unset($_SESSION['POPUP']);
-?>
+?>
\ No newline at end of file
diff --git a/public/templates/mpos/error/ratelimit/default.tpl b/public/templates/mpos/error/ratelimit/default.tpl
new file mode 100644
index 00000000..7ab5c72b
--- /dev/null
+++ b/public/templates/mpos/error/ratelimit/default.tpl
@@ -0,0 +1,6 @@
+
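Review bot: `session_set_cookie_params(time()+$config['cookie']['duration'], …)` in the non-strict branch of index.php passes an absolute timestamp where the function expects a lifetime in seconds, so the session cookie lives for roughly `time()` extra seconds instead of the configured duration; the `@setcookie(session_name(), …)` call a few lines below correctly uses the timestamp form, so the first argument here should be just `$config['cookie']['duration']`. In the same fallback, `session_destroy();` and `session_regenerate_id(true);` run while no session is active (the suppressed `@session_start()` has just failed), which only emits warnings and regenerates nothing — call `session_start()` first and `session_regenerate_id(true)` afterwards. The `$is_ajax_call` test compares a 32-character prefix of `QUERY_STRING` against entries of 29 to 32 characters, so the "cut off any potential extra get info" comment only holds for the longest entry, and the page dispatched later is taken from `$_REQUEST['page']`, which PHP may populate from sources other than the query string depending on `request_order`; deriving the api check from the same `$_REQUEST` page/action values keeps the rate-limit exemption aligned with the page actually served. The throttled `die("You are sending too many requests too fast!")` path still answers with HTTP 200, so add `http_response_code(429);` before it so clients and proxies can recognise the throttling. The enclosing code runs past this hunk (the `@@ -118,4 +175,4 @@` hunk follows), and the `<?php` open tag appears stripped from the rendered text, so the shape of the branch preceding `verify_server()` is not visible here.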
+

Request rate limit exceeded

+
+

You're sending too many requests too fast!

+
+
\ No newline at end of file