fixed check against define like it used to even if SECHASH_CHECK is disabled

fixed ajax calls in memcache limiter to use REQUEST page/action rather than QUERY_STRING
Joey 2014-01-26 08:08:20 -05:00 committed by xisi
parent b728b680ca
commit d5f1c97f82


@ -19,6 +19,7 @@ limitations under the License.
// Set a decently long SECURITY key with special chars etc // Set a decently long SECURITY key with special chars etc
define('SECURITY', '*)WT#&YHfd'); define('SECURITY', '*)WT#&YHfd');
// Disable the sechash check if you're sure, still checks if SECURITY defined as before
define('SECHASH_CHECK', true); define('SECHASH_CHECK', true);
// change SECHASH every second, we allow up to 3 sec back for slow servers // change SECHASH every second, we allow up to 3 sec back for slow servers
@ -27,7 +28,7 @@ if (SECHASH_CHECK) {
define('SECHASH', fip()); define('SECHASH', fip());
function cfip() { return (fip()==SECHASH||fip(1)==SECHASH||fip(2)==SECHASH) ? 1 : 0; } function cfip() { return (fip()==SECHASH||fip(1)==SECHASH||fip(2)==SECHASH) ? 1 : 0; }
} else { } else {
function cfip() { return 1; } function cfip() { return (defined('SECURITY')) ? 1 : 0; }
} }
// Used for performance calculations // Used for performance calculations
@ -43,8 +44,6 @@ if (!include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to lo
// Our default template to load, pages can overwrite this later // Our default template to load, pages can overwrite this later
$master_template = 'master.tpl'; $master_template = 'master.tpl';
// Start a session
// Load Classes, they name defines the $ variable used // Load Classes, they name defines the $ variable used
// We include all needed files here, even though our templates could load them themself // We include all needed files here, even though our templates could load them themself
require_once(INCLUDE_DIR . '/autoloader.inc.php'); require_once(INCLUDE_DIR . '/autoloader.inc.php');
@ -74,15 +73,20 @@ if ($config['memcache']['enabled'] && $config['mc_antidos']['enabled'] || $confi
$skip_check = false; $skip_check = false;
$per_page = ($config['mc_antidos']['per_page']) ? $_SERVER['QUERY_STRING'] : ''; $per_page = ($config['mc_antidos']['per_page']) ? $_SERVER['QUERY_STRING'] : '';
// if this is an api call we need to be careful not to time them out for those calls separately // if this is an api call we need to be careful not to time them out for those calls separately
$ajax_call_querystrings = array( $ajax_calls = array(
'page=api&action=getuserbalance', array('api', 'getuserbalance'),
'page=api&action=getnavbardata', array('api', 'getnavbardata'),
'page=api&action=getdashboarddata', array('api', 'getdashboarddata'),
'page=api&action=getuserworkers' array('api', 'getuserworkers')
); );
// cut off any potential extra get info from querystring and see if it's an ajax call $iac = 0;
$is_ajax_call = (in_array(substr($_SERVER['QUERY_STRING'], 0, 32), $ajax_call_querystrings)) ? true : false; foreach ($ajax_calls as $ac) {
$iac = (@$_REQUEST['page'] == $ac[0] && @$_REQUEST['action'] == $ac[1]) ? $iac+=1 : $iac;
}
$is_ajax_call = ($iac > 0) ? true : false;
if ($is_ajax_call && $config['mc_antidos']['protect_ajax']) { if ($is_ajax_call && $config['mc_antidos']['protect_ajax']) {
// we set this to navbar on purpose - if they screw with the REQUEST by adding more
// params it still gets added under navbar so multiple requests will still get capped
$per_page = 'navbar'; $per_page = 'navbar';
} else if ($is_ajax_call && !$config['mc_antidos']['protect_ajax']) { } else if ($is_ajax_call && !$config['mc_antidos']['protect_ajax']) {
// protect isn't on, we'll ignore it // protect isn't on, we'll ignore it
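Review bot: The limiter key and the ajax classification now come from different inputs: `$per_page` is still the raw `$_SERVER['QUERY_STRING']`, while `$is_ajax_call` is derived from `$_REQUEST['page']` and `$_REQUEST['action']`. The non-ajax key therefore still varies with any appended parameter, so the per-page cap is not bound to the page actually served. `$_REQUEST` can also be filled from POST or cookie data depending on `request_order`, which may differ from what the router reads; that matters in the `!protect_ajax` branch, whose body lies outside this hunk but whose comment says such calls are ignored. I would read both values once with `isset()`/`is_string()` instead of `@` and loose `==`, build the key from that pair, and replace the `$iac` counter with a strict `in_array()` over `$ajax_calls`.

```php
$page = (isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? $_REQUEST['page'] : '';
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
// key the bucket on the normalised pair, not on the raw query string
$per_page = ($config['mc_antidos']['per_page']) ? $page . '&' . $action : '';
// … unchanged: $ajax_calls list of array(page, action) pairs …
$is_ajax_call = in_array(array($page, $action), $ajax_calls, true);
// … unchanged: protect_ajax branches …
```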