Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/alumni/inc/   drwxrwxrwx
Free 52.33 GB of 127.8 GB (40.94%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     inc_functions.php (57.11 KB)      -rw-r--r--

 (GPLv2)
	or write to the Free Software Foundation, Inc., 51 Franklin Street,
	Fifth Floor, Boston, MA02110-1301, USA.
		
********************************************************************************/

if (stristr(htmlentities($_SERVER['PHP_SELF']), "inc_functions.php")) {
	die("
Error: This file cannot be opened directly!
");
}

if (isset($_GET['newlang'])) {
	$newlang = inCode($_GET['newlang']);
	if (validate($newlang)) {
		if ($newlang != "reset") {
			setcookie("language",$newlang,time()+31536000); //1year
		} else {
			setcookie("language","",time()-31536000); //-1year
		}
		header("Location: index.php");
	}
}

if (isset($_GET['newtemplate'])) {
	$newtemplate = inCode($_GET['newtemplate']);
	if (validate($newtemplate)) {
		if ($newtemplate != "reset") {
			setcookie("template",$newtemplate,time()+31536000); //1year
		} else {
			setcookie("template","",time()-31536000); //-1year
		}
		header("Location: index.php");
	}
}

if (isset($_GET['changerss'])) {
	if (isAuth($userid,3)) {
		$changerss = intval($_GET['changerss']);
		$dblink->query("UPDATE memht_rssreader_links SET inblock=0");
		$dblink->query("UPDATE memht_rssreader_links SET inblock=1 WHERE id=$changerss");
	}
}

//===========================================
//Security
//===========================================

//Query string protection (Unknown author)
if(isset($_SERVER['QUERY_STRING'])) {
	$qS = $_SERVER['QUERY_STRING'];
	if (stc($qS,'%20union%20')
	OR stc($qS,'/*')
	OR stc($qS,'*/union/*')
	OR stc($qS,'c2nyaxb0')
	OR stc($qS,'+union+')
	OR stc($qS,'http://')
	//OR stc($qS,'www')
	OR (stc($qS,'cmd=') AND !stc($qS,'&cmd')) 
	OR (stc($qS,'exec') AND !stc($qS,'execu'))
	OR stc($qS,'concat')) {
		die("
Illegal Operation: Query not allowed.
");
	}
}
//Post protection (Unknown author) [MAY BE DISABLED]
if (@$_SERVER['REQUEST_METHOD']=="POST") {
	if (isset($_SERVER['HTTP_REFERER'])) {
    	if (!stc($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
			die("
Illegal Operation: Posting allowed only from main server.
");
    	}
  	}
}
function stc($haystack, $needle, $offset=0) {
	return strpos(strtoupper($haystack), strtoupper($needle), $offset);
}

//Initialize configuration and language
$row_conf = $dblink->get_row("SELECT * FROM memht_config");
if (isset($_COOKIE['language'])) { $siteConfig['language'] = preg_replace('`[^a-zA-Z]`is','',$_COOKIE['language']); } else { $siteConfig['language'] = outCode($row_conf['lingua']); }

//Control if the page name is valid
if (isset($_GET['page'])) {
	if (eregi("[^0-9a-zA-Z_-]",$_GET['page'])) {
		die("
Illegal Operation: Special chars in page name not allowed.
");
	}
	$page = inCode($_GET['page']);
}

//Check if there are special chars in the string
function checkCode($code) {
	return (eregi("^[0-9a-zA-Z_-]*$",$code)) ? true : false ;
}

//Clean special chars and code tags from the string
function cleanCode($str) {
	//<>/\?&`~!@#$%^*()[]
bool(false)