blah blah

2014-01-25 00:39:57 -05:00 · 2014-01-25 00:39:57 -05:00 · b728b680ca
commit b728b680ca
parent 9dcb855b34
115 changed files with 405 additions and 386 deletions
--- a/public/include/autoloader.inc.php
+++ b/public/include/autoloader.inc.php
@ -1,7 +1,6 @@
 <?php
-
+(SECURITY == "*)WT#&YHPI^H") ? die("public/index.php -> Set a new SECURITY value to continue") : 0;
-// Make sure we are called from index.php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 if (!defined('SECURITY')) die('Hacking attempt');
 // SHA/Scrypt check
 if (empty($config['algorithm']) || $config['algorithm'] == 'scrypt') {
@ -9,13 +8,13 @@ if (empty($config['algorithm']) || $config['algorithm'] == 'scrypt') {
 } else {
  $config['target_bits'] = 32;
 }
 if ($config['strict']) {
  require_once(CLASS_DIR . '/strict.class.php');
 }
 // Default classes
 require_once(CLASS_DIR . '/debug.class.php');
 require_once(INCLUDE_DIR . '/lib/KLogger.php');
 if ($config['strict']) {
  require_once(CLASS_DIR . '/strict.class.php');
 }
 require_once(INCLUDE_DIR . '/database.inc.php');
 require_once(INCLUDE_DIR . '/config/memcache_keys.inc.php');
 require_once(INCLUDE_DIR . '/config/error_codes.inc.php');
--- a/public/include/classes/api.class.php
+++ b/public/include/classes/api.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 /**
 * Helper class for our API
--- a/public/include/classes/base.class.php
+++ b/public/include/classes/base.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 /**
 * Our base class that we extend our other classes from
--- a/public/include/classes/bitcoin.class.php
+++ b/public/include/classes/bitcoin.class.php
@ -1,7 +1,5 @@
 <?php
-// Make sure we are called from index.php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 if (!defined('SECURITY'))
  die('Hacking attempt');
 /**
 * Bitcoin classes
--- a/public/include/classes/bitcoinwrapper.class.php
+++ b/public/include/classes/bitcoinwrapper.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 /**
 * We use a wrapper class around BitcoinClient to add
--- a/public/include/classes/block.class.php
+++ b/public/include/classes/block.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Block extends Base {
  protected $table = 'blocks';
--- a/public/include/classes/csrftoken.class.php
+++ b/public/include/classes/csrftoken.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class CSRFToken Extends Base {
  public $valid = 0;
--- a/public/include/classes/debug.class.php
+++ b/public/include/classes/debug.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 /**
 * This file defines the debug class used in this site to enable
--- a/public/include/classes/invitation.class.php
+++ b/public/include/classes/invitation.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Invitation extends Base {
  var $table = 'invitations';
--- a/public/include/classes/mail.class.php
+++ b/public/include/classes/mail.class.php
@ -1,8 +1,5 @@
 <?php
-
+(!cfip()) ? header('HTTP/1.1 401 Unauthorized') : 0;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class Mail extends Base {
  /**
--- a/public/include/classes/memcache_ad.class.php
+++ b/public/include/classes/memcache_ad.class.php
@ -0,0 +1,73 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 class MemcacheAntiDos
 {
  public $cache;
  public static $key = 'mcad_';
  public static $request_model = array(
  	'ident' => '',
    'last_hit' => 0,
    'last_flush' => 0,
    'hits_since_flush' => 0
  );
  public $rate_limit_this_request = false;
  public function __construct($config, $userORip, $request, $mcSettings) {
    if (PHP_OS == 'WINNT') {
      require_once('memcached.class.php');
    }
    $this->cache = new Memcached();
    $this->cache->addServer($mcSettings['host'], $mcSettings['port']);
    // set our config options
    $per_page = $config['per_page'];
    $flush_sec = $config['flush_seconds'];
    $rate_limit = $config['rate_limit'];
    unset($config);
    // prep stuff we need to check this request
    $key_md5 = substr(md5($userORip), 0, 4);
    $request_md5 = substr(md5($request), 0, 4);
    $request_key = $mcSettings['keyprefix'].self::$key.$key_md5."_".$request_md5."_".$per_page;
    $request_data = $this->cache->get($request_key);
    $now = time();
    // check the request
    if (is_array($request_data)) {
      // this request key already exists, update it
      $request_data['ident'] = $key_md5;
      $request_data['last_hit'] = $now;
      $request_data['hits_since_flush'] += 1;
      // not rate limited yet, update the rest of the object
      if ($request_data['hits_since_flush'] < $rate_limit) {
        if (($request_data['last_flush'] + $flush_sec) <= $now || ($request_data['last_hit'] + $flush_sec) <= $now) {
          // needs to be flushed
          $request_data['hits_since_flush'] = 0;
          $request_data['last_hit'] = 0;
          $request_data['last_flush'] = $now;
          // update the object
          $this->cache->set($request_key, $request_data, $flush_sec);
          $this->rate_limit_this_request = false;
        } else {
          // no flush, just update
          $this->cache->set($request_key, $request_data, $flush_sec);
          $this->rate_limit_this_request = false;
        }
      } else {
        // too many hits, we should rate limit this
        $this->rate_limit_this_request = true;
      }
    } else {
      // doesn't exist for this request_key, create one
      $new_data = self::$request_model;
      $new_data['ident'] = $key_md5;
      $new_data['last_hit'] = time();
      $new_data['hits_since_flush'] = 1;
      $new_data['last_flush'] = $now;
      $this->cache->set($request_key, $new_data, $flush_sec);
      $this->rate_limit_this_request = false;
    }
  }
  public function rateLimitRequest() {
    return $this->rate_limit_this_request;
  }
 }
 ?>
--- a/public/include/classes/memcached.class.php
+++ b/public/include/classes/memcached.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 /**
 * A wrapper class which provides compatibility between Memcached and Memcache
--- a/public/include/classes/monitoring.class.php
+++ b/public/include/classes/monitoring.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Monitoring extends Base {
   protected $table = 'monitoring';
--- a/public/include/classes/news.class.php
+++ b/public/include/classes/news.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class News extends Base {
  protected $table = 'news';
--- a/public/include/classes/notification.class.php
+++ b/public/include/classes/notification.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class Notification extends Mail {
  var $table = 'notifications';
--- a/public/include/classes/payout.class.php
+++ b/public/include/classes/payout.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Payout Extends Base {
  protected $table = 'payouts';
--- a/public/include/classes/roundstats.class.php
+++ b/public/include/classes/roundstats.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class RoundStats extends Base {
  private $tableTrans = 'transactions';
--- a/public/include/classes/setting.class.php
+++ b/public/include/classes/setting.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Setting extends Base {
  protected $table = 'settings';
--- a/public/include/classes/share.class.php
+++ b/public/include/classes/share.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class Share Extends Base {
  protected $table = 'shares';
--- a/public/include/classes/statistics.class.php
+++ b/public/include/classes/statistics.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 /*
--- a/public/include/classes/statscache.class.php
+++ b/public/include/classes/statscache.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 /**
 * A wrapper class used to store values transparently in memcache
--- a/public/include/classes/strict.class.php
+++ b/public/include/classes/strict.class.php
@ -1,11 +1,110 @@
 <?php 
-error_reporting(E_ALL);
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 class SessionManager {
-  private $session_state = 0;
+  private $bind_address = '';
  private $started = false;
  private $host_verified = false;
  private $config_dura = 0;
  private $config_path = '';
  private $config_domain = '';
  private $config_secure = false;
  private $config_httponly = false;
  private $server_http_host = null;
  private $current_session_id = '';
  private $current_session_ip = '';
  public $memcache_handle = null;
  public function set_cookie_params($duration, $path, $domain, $secure, $httponly) {
    session_set_cookie_params((time()+$duration), $path, $domain, $secure, $httponly);
  }
  public function verify_server() {
    if ($this->bind_address !== $this->server_http_host) {
      return false;
    } else {
      return true;
    }
  }
  public function verify_client($ip) {
    if ($this->started && $this->memcache_handle !== null && $this->verify_server()) {
      $read_client = $this->memcache_handle->get(md5((string)$ip));
      if ($read_client !== false) {
        if (md5((string)$ip) !== $read_client[0]) {
          return false;
        } else {
          return true;
        }
      } else {
        return false;
      }
    } else {
      return false;
    }
  }
  public function update_client($ip) {
    if ($this->started && $this->memcache_handle !== null && $this->verify_client($ip)) {
      $this->memcache_handle->set(md5((string)$ip), array($this->current_session_id, time()));
    }
  }
  public function set_cookie() {
    if ($this->started && $this->memcache_handle !== null && $this->verify_server() && $this->verify_client($ip)) {
      @setcookie(session_name(), session_id(), $this->config_dura, $this->config_path, $this->config_domain, $this->config_secure, $this->config_httponly);
    }
  }
  public function destroy_session($ip) {
    if ($this->started && $this->verify_server() && $this->verify_client($ip)) {
      $this->memcache_handle->delete(md5((string)$ip));
      if (ini_get('session.use_cookies')) {
        setcookie(session_name(), '', time() - 42000, $config_path, $config_domain, $config_secure, $config_httponly);
      }
      session_destroy();
      session_regenerate_id(true);
    }
  }
  public function create_session($ip) {
-    // TODO: put memcache rate limiting into here
+    if (!$this->verify_server()) {
      return false;
    } else {
      $session_start = @session_start();
      if (!$session_start) {
        session_destroy();
        session_regenerate_id(true);
        session_start();
        $this->update_client($ip);
        $this->started = true;
        $this->current_session_id = session_id();
        $this->set_cookie();
        return true;
      } else {
        if ($this->verify_server() && $this->verify_client($ip)) {
          $this->update_client($ip);
          return true;
        }
      }
    }
  }
  public function __construct($config, $server_host) {
    $this->config_dura = $config['cookie']['duration'];
    $this->config_path = $config['cookie']['path'];
    $this->config_domain = $config['cookie']['domain'];
    $this->config_secure = $config['cookie']['secure'];
    $this->config_httponly = $config['cookie']['httponly'];
    if ($config['strict__enforce_ssl']) $config['strict__bind_protocol'] = 'https';
    $this->bind_address = $config['strict__bind_protocol']."://".$config['strict__bind_host'].":".$config['strict__bind_port'];
    $this->server_http_host = $config['strict__bind_protocol']."://".$_SERVER['HTTP_HOST'].":".$config['strict__bind_port'];
    unset($config);
    $this->set_cookie_params((time()+$this->config_dura), $this->config_path, $this->config_domain, $this->config_secure, $this->config_httponly);
  }
 }
@ -30,11 +129,11 @@ class mysqli_strict extends mysqli {
        	  break;
        	case 'd':
        	  $return_dbl = filter_var($acopy[$i], FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);
-        	  return ($return_dbl !== null) ? (double)$return_dbl : false;
+        	  return ($return_dbl !== null) ? (float)$return_dbl : false;
        	  break;
        	case 'b':
        	  $return_bool = filter_var($acopy[$i], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
-        	  return ($return_bool !== null) ? (boolean)$return_bool : false;
+        	  return ($return_bool !== null) ? (bool)$return_bool : false;
        	  break;
        }
      }
--- a/public/include/classes/template.class.php
+++ b/public/include/classes/template.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class Template extends Base {
  protected $table = 'templates';
--- a/public/include/classes/token.class.php
+++ b/public/include/classes/token.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Token Extends Base {
  protected $table = 'tokens';
--- a/public/include/classes/tokentype.class.php
+++ b/public/include/classes/tokentype.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class Token_Type Extends Base {
  protected $table = 'token_types';
--- a/public/include/classes/tools.class.php
+++ b/public/include/classes/tools.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 /**
 * Helper class for our cronjobs
--- a/public/include/classes/transaction.class.php
+++ b/public/include/classes/transaction.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class Transaction extends Base {
  protected $table = 'transactions';
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 class User extends Base {
  protected $table = 'accounts';
@ -531,7 +528,7 @@ class User extends Base {
    // Enforce generation of a new Session ID and delete the old
    session_regenerate_id(true);
    // Enforce a page reload and point towards login with referrer included, if supplied
-    $port = ($_SERVER["SERVER_PORT"] == "80" or $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
+    $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
    $location = @$_SERVER['HTTPS'] ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $_SERVER['SCRIPT_NAME'] : 'http://' . $_SERVER['SERVER_NAME'] . $port . $_SERVER['SCRIPT_NAME'];
    if (!empty($from)) $location .= '?page=login&to=' . urlencode($from);
    // if (!headers_sent()) header('Location: ' . $location);
--- a/public/include/classes/worker.class.php
+++ b/public/include/classes/worker.class.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 class Worker extends Base {
  protected $table = 'pool_worker';
--- a/public/include/config/admin_settings.inc.php
+++ b/public/include/config/admin_settings.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 $aThemes = $template->getThemes();
--- a/public/include/config/error_codes.inc.php
+++ b/public/include/config/error_codes.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 $aErrorCodes['OK'] = 'OK';
 $aErrorCodes['E0001'] = 'Out of Order Share Detected';
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@ -1,13 +1,24 @@
 <?php
-// Make sure we are called from index.php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
-if (!defined('SECURITY')) die('Hacking attempt');
+
 /**
 * Forces extra security options when enabled
 */
 $config['strict'] = true;
 $config['strict__enforce_ssl'] = false;
 $config['strict__bind_protocol'] = 'http';
 $config['strict__bind_host'] = 'localhost';
 $config['strict__bind_port'] = 80;
 // CHANGE THIS KEY
 define('strict__FIP_key', '45934debe4965c10c424254a2c8170df');
 // If you use this, you'll also have to change a key in public/index.php ... you'll see.
 /**
 * Do not edit this unless you have confirmed that your config has been updated!
 * This is used in the version check to ensure you run the latest version of the configuration file.
 * Once you upgraded your config, change the version here too.
 **/
-$config['version'] = '0.0.6';
+$config['version'] = '0.0.7';
 // Our include directory for additional features
 define('INCLUDE_DIR', BASEPATH . 'include');
--- a/public/include/config/memcache_keys.inc.php
+++ b/public/include/config/memcache_keys.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 define('STATISTICS_ALL_USER_SHARES', 'STATISTICS_ALL_USER_SHARES');
 define('STATISTICS_ALL_USER_HASHRATES', 'STATISTICS_ALL_USER_HASHRATES');
--- a/public/include/database.inc.php
+++ b/public/include/database.inc.php
@ -1,15 +1,11 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 // Instantiate class, we are using mysqlng
 if ($config['strict']) {
-  $mysqli = new mysqli_strict($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']) or die('couldnt load class');
+  $mysqli = new mysqli_strict($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']);
  //$mysqli = new mysqli($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']);
 } else {
-  
+  $mysqli = new mysqli($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']);
 }
 // Check if read-only and quit if it is on
--- a/public/include/pages/about.inc.php
+++ b/public/include/pages/about.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
--- a/public/include/pages/about/api.inc.php
+++ b/public/include/pages/about/api.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
--- a/public/include/pages/about/donors.inc.php
+++ b/public/include/pages/about/donors.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($setting->getValue('disable_donors')) {
  $_SESSION['POPUP'][] = array('CONTENT' => 'Donors are currently disabled. Please try again later.', 'TYPE' => 'errormsg');
--- a/public/include/pages/about/pool.inc.php
+++ b/public/include/pages/about/pool.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 if ($setting->getValue('disable_about')) {
  $_SESSION['POPUP'][] = array('CONTENT' => 'Donors are currently disabled. Please try again later.', 'TYPE' => 'errormsg');
--- a/public/include/pages/about/pplns.inc.php
+++ b/public/include/pages/about/pplns.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
--- a/public/include/pages/account.inc.php
+++ b/public/include/pages/account.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  // Tempalte specifics
--- a/public/include/pages/account/confirm.inc.php
+++ b/public/include/pages/account/confirm.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Confirm an account by token
 if (!isset($_GET['token']) || empty($_GET['token'])) {
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@ -1,8 +1,5 @@
 <?php
-error_reporting(E_ALL);
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 // twofactor stuff
 $cp_editable = $wf_editable = $ea_editable = $wf_sent = $ea_sent = $cp_sent = 0;
@ -178,14 +175,15 @@ if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
  (!empty($wfprep_sent) && empty($wfprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $message_tokensent_invalid.$messages_tokensent_status['wf'], 'TYPE' => 'success'):"";
  (!empty($cpprep_sent) && !empty($cpprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $cpprep_sent, 'TYPE' => 'success'):"";
  (!empty($cpprep_sent) && empty($cpprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $message_tokensent_invalid.$messages_tokensent_status['cp'], 'TYPE' => 'success'):"";
  // two-factor stuff
  $smarty->assign("CHANGEPASSUNLOCKED", $cp_editable);
  $smarty->assign("WITHDRAWUNLOCKED", $wf_editable);
  $smarty->assign("DETAILSUNLOCKED", $ea_editable);
  $smarty->assign("CHANGEPASSSENT", $cp_sent);
  $smarty->assign("WITHDRAWSENT", $wf_sent);
  $smarty->assign("DETAILSSENT", $ea_sent);
 }
-// two-factor stuff
+
 $smarty->assign("CHANGEPASSUNLOCKED", $cp_editable);
 $smarty->assign("WITHDRAWUNLOCKED", $wf_editable);
 $smarty->assign("DETAILSUNLOCKED", $ea_editable);
 $smarty->assign("CHANGEPASSSENT", $cp_sent);
 $smarty->assign("WITHDRAWSENT", $wf_sent);
 $smarty->assign("DETAILSSENT", $ea_sent);
 $smarty->assign("DONATE_THRESHOLD", $config['donate_threshold']);
 // Tempalte specifics
--- a/public/include/pages/account/invitations.inc.php
+++ b/public/include/pages/account/invitations.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  if (!$setting->getValue('disable_invitations')) {
--- a/public/include/pages/account/notifications.inc.php
+++ b/public/include/pages/account/notifications.inc.php
@ -1,7 +1,6 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  if ($setting->getValue('disable_notifications') == 1) {
    $_SESSION['POPUP'][] = array('CONTENT' => 'Notification system disabled by admin.', 'TYPE' => 'info');
--- a/public/include/pages/account/qrcode.inc.php
+++ b/public/include/pages/account/qrcode.inc.php
@ -1,6 +1,5 @@
 <?php
-// Make sure we are called from index.php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) $smarty->assign("CONTENT", "default.tpl");
 ?>
--- a/public/include/pages/account/reset_failed.inc.php
+++ b/public/include/pages/account/reset_failed.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  // Reset failed login counter
--- a/public/include/pages/account/transactions.inc.php
+++ b/public/include/pages/account/transactions.inc.php
@ -1,7 +1,6 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  $iLimit = 30;
  empty($_REQUEST['start']) ? $start = 0 : $start = $_REQUEST['start'];
--- a/public/include/pages/account/unlock.inc.php
+++ b/public/include/pages/account/unlock.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Confirm an account by token
 if (!isset($_GET['token']) || empty($_GET['token'])) {
--- a/public/include/pages/account/workers.inc.php
+++ b/public/include/pages/account/workers.inc.php
@ -1,6 +1,5 @@
 <?php
-// Make sure we are called from index.php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  switch (@$_REQUEST['do']) {
--- a/public/include/pages/admin.inc.php
+++ b/public/include/pages/admin.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/dashboard.inc.php
+++ b/public/include/pages/admin/dashboard.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/monitoring.inc.php
+++ b/public/include/pages/admin/monitoring.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/news.inc.php
+++ b/public/include/pages/admin/news.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/news_edit.inc.php
+++ b/public/include/pages/admin/news_edit.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/poolworkers.inc.php
+++ b/public/include/pages/admin/poolworkers.inc.php
@ -1,6 +1,5 @@
 <?php
-// Make sure we are called from index.php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/reports.inc.php
+++ b/public/include/pages/admin/reports.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/settings.inc.php
+++ b/public/include/pages/admin/settings.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/templates.inc.php
+++ b/public/include/pages/admin/templates.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/transactions.inc.php
+++ b/public/include/pages/admin/transactions.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/user.inc.php
+++ b/public/include/pages/admin/user.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/admin/wallet.inc.php
+++ b/public/include/pages/admin/wallet.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user to ensure they are admin
 if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
--- a/public/include/pages/api.inc.php
+++ b/public/include/pages/api.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getblockcount.inc.php
+++ b/public/include/pages/api/getblockcount.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getblocksfound.inc.php
+++ b/public/include/pages/api/getblocksfound.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getblockstats.inc.php
+++ b/public/include/pages/api/getblockstats.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getcronjobstatus.inc.php
+++ b/public/include/pages/api/getcronjobstatus.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getcurrentworkers.inc.php
+++ b/public/include/pages/api/getcurrentworkers.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getdashboarddata.inc.php
+++ b/public/include/pages/api/getdashboarddata.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the system is enabled
 if ($setting->getValue('disable_dashboard_api')) {
--- a/public/include/pages/api/getdifficulty.inc.php
+++ b/public/include/pages/api/getdifficulty.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getestimatedtime.inc.php
+++ b/public/include/pages/api/getestimatedtime.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/gethourlyhashrates.inc.php
+++ b/public/include/pages/api/gethourlyhashrates.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getnavbardata.inc.php
+++ b/public/include/pages/api/getnavbardata.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the system is enabled
 if ($setting->getValue('disable_navbar_api')) {
--- a/public/include/pages/api/getpoolhashrate.inc.php
+++ b/public/include/pages/api/getpoolhashrate.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getpoolinfo.inc.php
+++ b/public/include/pages/api/getpoolinfo.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getpoolsharerate.inc.php
+++ b/public/include/pages/api/getpoolsharerate.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getpoolstatus.inc.php
+++ b/public/include/pages/api/getpoolstatus.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/gettimesincelastblock.inc.php
+++ b/public/include/pages/api/gettimesincelastblock.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/gettopcontributors.inc.php
+++ b/public/include/pages/api/gettopcontributors.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check user token and access level permissions
 $user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);
--- a/public/include/pages/api/getuserbalance.inc.php
+++ b/public/include/pages/api/getuserbalance.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getuserhashrate.inc.php
+++ b/public/include/pages/api/getuserhashrate.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getusersharerate.inc.php
+++ b/public/include/pages/api/getusersharerate.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getuserstatus.inc.php
+++ b/public/include/pages/api/getuserstatus.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getusertransactions.inc.php
+++ b/public/include/pages/api/getusertransactions.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/getuserworkers.inc.php
+++ b/public/include/pages/api/getuserworkers.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/api/public.inc.php
+++ b/public/include/pages/api/public.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();
--- a/public/include/pages/contactform.inc.php
+++ b/public/include/pages/contactform.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($setting->getValue('disable_contactform')) {
  $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
--- a/public/include/pages/contactform/contactform.inc.php
+++ b/public/include/pages/contactform/contactform.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($setting->getValue('recaptcha_enabled')) {
  // Load re-captcha specific data
--- a/public/include/pages/dashboard.inc.php
+++ b/public/include/pages/dashboard.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
  if (! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300;
--- a/public/include/pages/error.inc.php
+++ b/public/include/pages/error.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
--- a/public/include/pages/error/404.inc.php
+++ b/public/include/pages/error/404.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
--- a/public/include/pages/error/ratelimit.inc.php
+++ b/public/include/pages/error/ratelimit.inc.php
@ -0,0 +1,6 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
 ?>
--- a/public/include/pages/gettingstarted.inc.php
+++ b/public/include/pages/gettingstarted.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 $smarty->assign("SITESTRATUMURL", $config['gettingstarted']['stratumurl']);
 $smarty->assign("SITESTRATUMPORT", $config['gettingstarted']['stratumport']);
--- a/public/include/pages/home.inc.php
+++ b/public/include/pages/home.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Include markdown library
 use \Michelf\Markdown;
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // ReCaptcha handling if enabled
 if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_logins')) {
--- a/public/include/pages/logout.inc.php
+++ b/public/include/pages/logout.inc.php
@ -1,10 +1,11 @@
 <?php
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
-// Make sure we are called from index.php
+if ($config['strict']) {
-if (!defined('SECURITY'))
+  $session->destroy_session($_SERVER['REMOTE_ADDR']);
-    die('Hacking attempt');
+  $user->logoutUser();
-
+} else {
-// This probably (?) never fails
+  $user->logoutUser();
-$user->logoutUser();
+}
 $smarty->assign("CONTENT", "default.tpl");
 ?>
--- a/public/include/pages/news.inc.php
+++ b/public/include/pages/news.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Include markdown library
 use \Michelf\Markdown;
--- a/public/include/pages/password.inc.php
+++ b/public/include/pages/password.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
    die('Hacking attempt');
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
--- a/public/include/pages/password/change.inc.php
+++ b/public/include/pages/password/change.inc.php
@ -1,8 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY'))
  die('Hacking attempt');
 if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
  if (isset($_POST['do']) && $_POST['do'] == 'resetPassword') {
--- a/public/include/pages/password/reset.inc.php
+++ b/public/include/pages/password/reset.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 // Process password reset request
 if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
--- a/public/include/pages/register.inc.php
+++ b/public/include/pages/register.inc.php
@ -1,7 +1,5 @@
 <?php
-
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 if ($setting->getValue('lock_registration') && $setting->getValue('disable_invitations')) {
  $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
--- a/Show More
+++ b/Show More