Initial commit
This commit is contained in:
Némunaire
commit
998d011cd3
233 changed files with 36893 additions and 0 deletions
28
onyx/include/common.php
Normal file
28
onyx/include/common.php
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
if(!defined('ONYX')) exit;
|
||||
|
||||
if (empty($sess->values["connected"]) && !defined("xCSRF"))
|
||||
define("xCSRF", true);
|
||||
|
||||
require_once("functions.php"); //Inclusion des principales fonctions
|
||||
|
||||
//On charge la session
|
||||
$SESS = new Session();
|
||||
|
||||
$template = new Template();
|
||||
|
||||
$template->assign("ERRmessage", false);
|
||||
$template->assign("auth_lvl", $SESS->level);
|
||||
$template->assign("SESS", $SESS->values);
|
||||
|
||||
if (!empty($LANG))
|
||||
$template->assign("LANG", $LANG);
|
||||
|
||||
//Evite les attaques CSRF
|
||||
if ($SESS->level > 2 && !empty($_SERVER["HTTP_REFERER"]) && !(preg_match('#^http://'.$_SERVER['HTTP_HOST'].'#', $_SERVER["HTTP_REFERER"]) && defined("xCSRF")))
|
||||
{
|
||||
elog("Possibilité d'attaque CSRF\n".var_export($_REQUEST, TRUE), 2);
|
||||
unset($_POST, $_GET);
|
||||
$_GET = $_POST = array();
|
||||
}
|
||||
?>
|
||||
Reference in a new issue