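$value){ $_REQUEST[$key] = addslashes_array($_REQUEST[$key]); }
foreach ($_GET as $key => $value) { $_GET[$key] = addslashes_array($_GET[$key]); }
foreach ($_POST as $key => $value) { $_POST[$key] = addslashes_array($_POST[$key]); }
foreach ($_COOKIE as $key => $value) { $_COOKIE[$key] = addslashes_array($_COOKIE[$key]); }
}
/* The lines above are the tail of a block opened before this excerpt: every
 * entry of $_REQUEST/$_GET/$_POST/$_COOKIE is passed through addslashes_array().
 * addslashes() is a legacy magic-quotes emulation, not a charset-aware escape
 * and not a substitute for parameterised queries. */

/**
 * Recursively addslashes() every leaf of $a.
 *
 * @param mixed $a  scalar or (nested) array; array keys are preserved
 * @return mixed    the slashed scalar, or an array of the same shape
 */
function addslashes_array($a)
{
    if (!is_array($a)) {
        // Non-array leaf: addslashes() coerces the value to string, as before.
        return addslashes($a);
    }
    // Start from an empty array: the original only created its result on the
    // first assignment, so an empty input returned an undefined (null) value
    // instead of array().
    $slashed = array();
    foreach ($a as $n => $v) {
        $slashed[$n] = addslashes_array($v);
    }
    return $slashed;
}

// GET parameters that must be integers. The value is a human note of where the
// key is consumed; only the key is consulted (isset) by the loop below.
// NOTE: "pr_add" appears twice; in a literal the last entry wins, which is
// harmless here since only isset() is used.
$GET_ARRAY = array(
    "start" => " - paging - ",
    "item" => " - pages - ",
    "page_id" => " - pages - ",
    "page" => " - pages - ",
    "c" => " - news categories, gallery categories, product categories - ",
    "id" => " - news detail, products detail - ",
    "man" => " - product manufacturer - ",
    "sp" => " - product specials - ",
    "adr" => " - eco address - ",
    "pr_add" => " - eco add product - ",
    "qnt" => " - eco add product quantity - ",
    "spec" => " - eco prod spec - ",
    "pr_del" => " - prod del favorite - ",
    "pr_add" => " - prod add favorite - ",
    "show_poll" => " - polls detail - ",
    "pr" => " - suggestions detail - ",
    "linkRedir" => " - banners - ",
    "cu" => " - cultivations - ",
    "edit_id" => " - farmer id - ",
    "f_id" => " - field id - ",
    "geo" => "geo location",
    "km" => "kilometer",
    "width" => "resize width",
    "height" => "resize height",
);

// Same idea for POST; not consulted anywhere in this excerpt.
$POST_ARRAY = array(
    "__poll_" => " - polls vote - ",
);

// Coerce every whitelisted GET parameter to an integer. A value that does not
// round-trip through intval() is appended to $injvars (which drives the alert
// mail below) and replaced by its integer value. Only integer parameters are
// covered; string parameters rely on the addslashes pass above.
// NOTE(review): only $_GET is rewritten; code that reads the same key from
// $_REQUEST still sees the original value — confirm callers use $_GET.
$injvars = "";
foreach ($_GET as $key => $value) {
    if (!isset($GET_ARRAY[$key])) {
        continue;
    }
    if (!is_scalar($value)) {
        // An array parameter (e.g. id[]=1) reached trim() in the original and
        // raised a TypeError on PHP 8 (a warning plus intval(array) == 1 on
        // older versions). Treat it as a non-integer value and neutralise it
        // with 0 so it cannot select a record.
        $injvars .= $key . "=>[non-scalar]";
        unset($_GET[$key]);
        $_GET[$key] = 0;
        continue;
    }
    if ($value == "") {
        continue;
    }
    // Loose comparison on purpose: it accepts surrounding whitespace, a leading
    // sign and leading zeros (" 7 ", "+5", "05") exactly as the original did.
    if ($value != strval(intval(trim($value)))) {
        $injvars .= $key . "=>" . stripslashes($value);
        // unset + reassign moves the key to the end of $_GET, as before.
        unset($_GET[$key]);
        $_GET[$key] = intval($value);
    }
}

if ($injvars != "") {
    $HTTP_HOST = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
    $PHP_SELF = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : " ??? ";
    // X-Forwarded-For is a client-supplied header: acceptable for a log line,
    // not as evidence of the real source address.
    $IP = (getenv("HTTP_X_FORWARDED_FOR")) ? getenv("HTTP_X_FORWARDED_FOR") : getenv("REMOTE_ADDR");
    $PHP_SELF_IP = $HTTP_HOST . " (" . $PHP_SELF
        . (isset($_SERVER['QUERY_STRING']) ? "?" . stripslashes(urldecode($_SERVER['QUERY_STRING'])) : "")
        . ")";
    $DateTime = date("Y-m-d H:i:s", time());
    $LogMsg = "DateTime: " . $DateTime . "\n";
    $LogMsg .= "Host: " . $PHP_SELF_IP . "\n";
    $LogMsg .= "Ip: " . $IP . "\n";
    $LogMsg .= "Var: " . $injvars . "\n";
    $LogMsg .= "Header: ";
    foreach (getHeaders() as $name => $value) {
        $LogMsg .= "$name: $value, ";
    }
    // The Host header is client-controlled and is interpolated into the mail
    // Subject and From headers; strip CR/LF/NUL so it cannot terminate a header
    // and append further headers or recipients.
    $MailHost = preg_replace('/[\r\n\0]+/', ' ', $HTTP_HOST);
    // text/plain rather than text/html: the body is verbatim request data and
    // must not be rendered as markup by the receiving mail client (this also
    // makes the "\n" separators above display as line breaks).
    $Headers = "MIME-Version: 1.0\r\nContent-type: text/plain; charset=iso-8859-1\r\nFrom: Inj - " . $MailHost . " \r\n";
    // Best-effort alert; a missing MTA must not break the request, hence @.
    @mail("g.koskinopoulos@gmail.com", "Injection: " . $MailHost, $LogMsg, $Headers);

    // Legacy side effect kept on purpose: later code may read this key unconditionally.
    if (!isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        $_SERVER["HTTP_X_FORWARDED_FOR"] = "....";
    }
    // Despite its name this is a block list: a match gets a 503 and the request ends.
    // Only the REMOTE_ADDR comparison is trustworthy; X-Forwarded-For is set by the client.
    $allow = array("119.251.51.131");
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
    if (in_array($remoteAddr, $allow, true) || in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow, true)) {
        header("HTTP/1.1 503 Service Unavailable");
        echo "\n\nSQL injection\n\n";
        exit();
    }
}

/**
 * Rebuild request header names from the HTTP_* entries of $_SERVER
 * ("HTTP_USER_AGENT" -> "User-Agent"). Values are raw client input and are
 * only used for the alert mail above.
 *
 * @return array<string,string> header name => value
 */
function getHeaders()
{
    $headers = array();
    foreach ($_SERVER as $k => $v) {
        if (substr($k, 0, 5) !== "HTTP_") {
            continue;
        }
        $words = ucwords(strtolower(str_replace('_', ' ', substr($k, 5))));
        $headers[str_replace(' ', '-', $words)] = $v;
    }
    return $headers;
}
// End of the request-sanitising include. What follows belongs to a separate
// class file; its first method (a LoadLanguage fallback chain) is cut at the
// excerpt boundary and is left exactly as found.
?>LoadLanguage($db,$tempLanguageCode); if($this->LanguageID == '') { $this->LoadLanguageDefault($db); } if($this->LanguageID == '') { $this->LoadLanguage($db,"gr"); } if($this->LanguageID == '') { $this->LoadLanguage($db,"en"); } }

    /**
     * Populate LanguageID, LanguageCode, LanguageName, LanguageCharset,
     * DateFormat and DecimalFormat for $LanguageCode.
     *
     * The source is $config['vp_languages'] when that array exists (only an
     * active entry counts, and there is no DB fallback in that case), otherwise
     * the `languages` table through $db. Nothing is assigned when no match is
     * found, which is what the caller's LanguageID == '' fallback chain relies on.
     *
     * @param object $db            DB wrapper exposing sql_query/sql_fetchrow/sql_freeresult
     * @param string $LanguageCode  language code to look up
     */
    function LoadLanguage(&$db, $LanguageCode)
    {
        global $config;
        if (isset($config['vp_languages'])) {
            if (isset($config['vp_languages'][$LanguageCode]) && $config['vp_languages'][$LanguageCode]['is_active']) {
                $this->setLanguageFields($config['vp_languages'][$LanguageCode]);
            }
        } else if (isset($db)) {
            // $LanguageCode is concatenated into the SQL text and its origin is
            // not visible here. The wrapper exposes no placeholder API, so the
            // value is restricted to the characters a language code can contain
            // before it reaches the query; anything else could not match a row.
            if (!preg_match('/^[A-Za-z0-9_-]{1,16}$/', (string) $LanguageCode)) {
                return;
            }
            $result = $db->sql_query("SELECT * FROM languages WHERE is_active = 'True' AND language_code = '" . $LanguageCode . "'");
            if ($dr = $db->sql_fetchrow($result)) {
                $this->setLanguageFields($dr);
            }
            $db->sql_freeresult($result);
        }
    }

    /**
     * Copy one language record into the object's language properties. Config
     * entries and DB rows use the same keys, so both paths share this.
     *
     * @param array $row record with language_id, language_code, language_name,
     *                   charset, dateFormat and decimalFormat keys
     */
    private function setLanguageFields($row)
    {
        $this->LanguageID = $row["language_id"];
        $this->LanguageCode = $row["language_code"];
        $this->LanguageName = $row["language_name"];
        $this->LanguageCharset = $row["charset"];
        $this->DateFormat = $row["dateFormat"];
        $this->DecimalFormat = $row["decimalFormat"];
    }

    /**
     * Populate the language properties with the default language: the first
     * active entry of $config['vp_languages'] (in config order) when that array
     * exists, otherwise the row flagged is_default in the `languages` table.
     * Leaves the properties untouched when nothing qualifies.
     *
     * @param object $db  DB wrapper exposing sql_query/sql_fetchrow/sql_freeresult
     */
    function LoadLanguageDefault(&$db)
    {
        global $config;
        if (isset($config['vp_languages'])) {
            foreach ($config['vp_languages'] as $LanguageCode => $entry) {
                if (isset($entry['is_active']) && $entry['is_active']) {
                    $this->setLanguageFields($entry);
                    break;
                }
            }
        } else if (isset($db)) {
            // Fixed query text, no request data involved.
            $result = $db->sql_query("SELECT * FROM languages WHERE is_default = 'True' LIMIT 1");
            if ($dr = $db->sql_fetchrow($result)) {
                $this->setLanguageFields($dr);
            }
            $db->sql_freeresult($result);
        }
    }
}
?>MsgCollector,$msg); }

    /**
     * Join the collected validator messages into one string: each message is
     * prefixed with "- ", stripped of single quotes and followed by $split.
     * The default $split is the two characters backslash-n, not a newline —
     * presumably because the result is embedded in a quoted JS string; confirm
     * against the caller.
     *
     * @param string $split  separator appended after every message
     * @return string
     */
    function GetValidators($split = "\\n")
    {
        $ret = "";
        // Index loop kept (MsgCollector is treated as a 0..n-1 list); count hoisted.
        $total = count($this->MsgCollector);
        for ($i = 0; $i < $total; $i++) {
            $ret .= "- " . str_replace("'", "", $this->MsgCollector[$i]) . $split;
        }
        return $ret;
    }

    function RenderMessages() { global $config; if(count($this->MsgCollector) > 0) { if(isset($config["vp_enabled_jquery_msg"]) && $config["vp_enabled_jquery_msg"] == "true") { ?>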