WB 2.08.x

25 Jul-2011 Build 1479 Dietmar Woellbrink (Luisehahne)

! preparing backend for the new installer

+ add SecureFormSwitcher (Admintool)

22 Jul-2011 Build 1478 Dietmar Woellbrink (Luisehahne)

// ---------------------------------------

if(defined('FINALIZE_SETUP')) {

	require_once(WB_PATH.'/framework/functions.php');

	$dirs = array( 'modules'   => WB_PATH.'/modules/',

	               'templates' => WB_PATH.'/templates/',

	               'languages' => WB_PATH.'/languages/'

	             );

	foreach($dirs AS $type => $dir) {

		if( ($handle = opendir($dir)) ) {

			while(false !== ($file = readdir($handle))) {

				if($file != '' AND substr($file, 0, 1) != '.' AND $file != 'admin.php' AND $file != 'index.php') {

					// Get addon type

					if($type == 'modules') {

						load_module($dir.'/'.$file, true);

						// Pretty ugly hack to let modules run $admin->set_error

						// See dummy class definition admin_dummy above

						if(isset($admin->error) && $admin->error != '') {

							$admin->print_error($admin->error);

						}

					} elseif($type == 'templates') {

						load_template($dir.'/'.$file);

					} elseif($type == 'languages') {

						load_language($dir.'/'.$file);

					}

				}

			}

		closedir($handle);

		}

	}

	$sql = 'DELETE FROM `'.TABLE_PREFIX.'settings` WHERE `name`=\'FINALIZE_SETUP\'';

	$database->query($sql);

}

// ---------------------------------------

if(!defined('REVISION')) define('REVISION', '1479');

<!-- BEGIN main_block -->

<script language="JavaScript" type="text/javascript">

/*<![CDATA[*/

if('{BACKLINK}'!=false) {

	redirect_to_page ('{BACKLINK}', 0);

}

/*]]>*/

</script>

   <table class="switch-ftan-info" summary="" cellpadding="4" cellspacing="0" border="0">

	<thead>

		<tr>

			<th colspan="3">Status: <span class="{FTAN_COLOR}">{TXT_HEADING}</span></th>

		</tr>

	</thead>

	<tbody>

		<tr>

			<td colspan="2" class="module-info"><p>{TEXT_INFO}</p></td>

		</tr>

		<tr>

			<td colspan="2"><p {FILE_FORMTAB_WARNING}>{FILE_FORMTAB_NOT_GOUND}</p></td>

		</tr>

	</tbody>

   </table>

   <form class="secure_switch" name="store_settings" action="{SERVER_REQUEST_URI}" method="post" >

	{FTAN}

	<input type="hidden" name="{SUBMIT_TYPE}" value="true" />

	<div class="left-content">

	   <table class="switch-ftan-form" summary="" cellpadding="4" cellspacing="0" border="0">

		<tbody>

			<tr>

				<td width="20"><input type="radio" name="ftan_switch" id="ftan_switch" value=""{SELECTED}/></td>

				<td><label for="ftan_switch">{TXT_SUBMIT_FORM}</label></td>

			</tr>

			<tr>

				<td width="20"><input type="radio" name="ftan_switch" id="ftan_switch_tab" value="mtab"{SELECTED_TAB}/></td>

				<td><label for="ftan_switch_tab">{TXT_SUBMIT_FORMTAB}</label></td>

			</tr>

			<tr>

				<td colspan="2">&nbsp;</td>

			</tr>

<!-- BEGIN show_mtab_block -->

			<tr>

				<td colspan="2">&nbsp;</td>

			</tr>

			<tr>

				<td colspan="2">&nbsp;</td>

			</tr>

			<tr>

				<td colspan="2">&nbsp;</td>

			</tr>

			<tr>

				<td colspan="2">&nbsp;</td>

			</tr>

			<tr>

				<td colspan="2">&nbsp;</td>

			</tr>

<!-- END show_mtab_block -->

			<tr>

				<td colspan="2">

					<input type="submit" name="save_settings" value="{TEXT_SUBMIT}" />

					<input type="submit" name="cancel" value="{TEXT_CANCEL}" />

				</td>

			</tr>

		</tbody>

	   </table>

	</div>

	<div class="right-content">

	   <table class="switch-ftan-form" summary="" cellpadding="4" cellspacing="0" border="0">

		<tbody>

			<tr>

				<td colspan="2">

					<select name="fingerprint_with_ip_octets">

						<option value="{USEIP_DEFAULT}"{USEIP_DEFAULT_SELECTED}>{TEXT_DEFAULT_SETTINGS}</option>

	<!-- BEGIN useip_mtab_loop -->

						<option value="{USEIP_VALUE}"{USEIP_SELECTED}>{USEIP_VALUE}</option>

	<!-- END useip_mtab_loop -->

					</select>

				</td>

				<td><label for="fingerprint_with_ip_octets">{TXT_SECFORM_USEIP}

						<a class="tooltip" href="#">? {TXT_SECFORM_USEIP_TOOLTIP}</a>

				</label></td>

			</tr>

	<!-- BEGIN mtab_block -->

			<tr>

				<td colspan="2"><input type="text" name="wb_secform_tokenname" id="wb_secform_tokenname" value="{WB_SECFORM_TOKENNAME}"/></td>

				<td><label for="wb_secform_tokenname">{TXT_SECFORM_TOKENNAME}

					<a class="tooltip" href="#">? {TXT_SECFORM_TOKENNAME_TOOLTIP}</a>

				</label></td>

			</tr>

			<tr>

				<td colspan="2"><input type="text" name="wb_secform_secret" id="wb_secform_secret" value="{WB_SECFORM_SECRET}"/></td>

				<td><label for="wb_secform_secret">{TXT_SECFORM_SECRET}

					<a class="tooltip" href="#">? {TXT_SECFORM_SECRET_TOOLTIP}</a>

				</label></td>

			</tr>

			<tr>

				<td colspan="2"><input type="text" name="wb_secform_secrettime" id="wb_secform_secrettime" value="{WB_SECFORM_SECRETTIME}"/></td>

				<td><label for="wb_secform_secrettime">{TXT_SECFORM_SECRETTIME}

					<a class="tooltip" href="#">? {TXT_SECFORM_SECRETTIME_TOOLTIP}</a>

				</label></td>

			</tr>

			<tr>

				<td colspan="2"><input type="text" name="wb_secform_timeout" id="wb_secform_timeout" value="{WB_SECFORM_TIMEOUT}"/></td>

				<td><label for="wb_secform_timeout">{TXT_SECFORM_TIMEOUT}

					<a class="tooltip" href="#">? {TXT_SECFORM_TIMEOUT_TOOLTIP}</a>

				</label></td>

			</tr>

			<tr>

				<td>

					<label for="wb_secform_usefp_true">{TEXT_ENABLED}</label>

				</td>

				<td width="50">

					<input type="radio" value="true" id="wb_secform_usefp_true" name="wb_secform_usefp"{USEFP_CHECKED_TRUE} />

					<input type="radio" value="false" id="wb_secform_usefp_false" name="wb_secform_usefp"{USEFP_CHECKED_FALSE} />

				</td>

				<td><label for="wb_secform_usefp">{TXT_SECFORM_USEFP}

					<a class="tooltip" href="#">? {TXT_SECFORM_USEFP_TOOLTIP}</a>

				</label></td>

			</tr>

			<tr>

				<td>&nbsp;</td>

				<td>&nbsp;</td>

				<td>&nbsp;</td>

			</tr>

			<tr>

				<td colspan="4">&nbsp;</td>

			</tr>

			<tr>

				<td colspan="4">

					<input type="submit" name="save_settings_default" value="{TEXT_MSUBMIT}" />

				</td>

			</tr>

<!-- END mtab_block -->

		</tbody>

	   </table>

	</div>

   </form>

<!-- END main_block -->

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link            http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource      $HeadURL$

 * @lastmodified    $Date$

 *

 */

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }

require_once(WB_PATH.'/framework/class.database.php');

require_once(WB_PATH.'/framework/functions.php');

$sql  = 'DELETE FROM `'.TABLE_PREFIX.'settings` ';

$sql .= 'WHERE `name`=\'wb_secform_useip\' ';

$sql .=    'OR `name`=\'wb_secform_usefp\' ';

$sql .=    'OR `name`=\'wb_secform_tokenname\' ';

$sql .=    'OR `name`=\'wb_secform_timeout\' ';

$sql .=    'OR `name`=\'wb_secform_secrettime\' ';

$sql .=    'OR `name`=\'wb_secform_secret\' ';

$sql .=    'OR `name`=\'secure_form_module\' ';

$database->query($sql);

$dest_to_delete = WB_PATH.'/framework/SecureForm.mtab.php';

if(is_writeable(WB_PATH.'/framework') ) {

	@chmod($dest_to_delete, 0666);

	@unlink($dest_to_delete);

}

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link            http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource      $HeadURL$

 * @lastmodified    $Date$

 *

 */

$module_directory = 'SecureFormSwitcher';

$module_name = 'SecureForm Switcher';

$module_function = 'tool';

$module_version = '0.6.6';

$module_platform = '2.8.2';

$module_author = 'D. Wöllbrrink (Luisehahne),  Florian Meerwinck (instantflorian), Michael Tentschert (testör)';

$module_license	= 'GNU General Public License';

$module_description = 'This module switch between the <strong>SingleTab SecureForm</strong> and <strong>MultiTab SecureForm</strong>.';

<?php

/**

 *

 * @category        framework

 * @package         SecureForm.mtab

 * @author          WebsiteBaker Community Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link			http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource		$HeadURL$

 * @lastmodified    $Date$

 * @description

 */

##  Heavy patched version, idea for patches based on :

##  http://stackoverflow.com/questions/2695153/php-csrf-how-to-make-it-works-in-all-tabs/2695291#2695291

##  Whith this patch the token System now allows for multiple browser tabs but 

##  denies the use of multiple browsers.

##  You can configure this class by adding several constants to your config.php

##  All Patches are Copyright Norbert Heimsath released under GPLv3 

##  http://www.gnu.org/licenses/gpl.html

##  Take a look at  __construkt  for configuration options(constants).

##  Patch version 0.3.5

/**

 * If you want some special configuration put this somewhere in your config.php for

 * example or just uncomment the lines here

 *

 * This parameter now can be set with the admintool SecureForm Switcher coded by Luisehahne,

 * pls ask for it in the forum

 *

 * Secret can contain anything its the base for the secret part for the hash

 * define ('WB_SECFORM_SECRET','whatever you like');

 * after how many seconds a new secret is generated

 * define ('WB_SECFORM_SECRETTIME',86400);      #aprox one day

 * shall we use fingerprinting true/false

 * define ('WB_SECFORM_USEFP', true);

 * Timeout till the form token times out. Integer value between 0-86400 seconds (one day)

 * define ('WB_SECFORM_TIMEOUT', 3600);

 * Name for the token form element only alphanumerical string allowed that starts whith a charakter

 * define ('WB_SECFORM_TOKENNAME','my3form3');

 * how many blocks of the IP should be used in fingerprint 0=no ipcheck, possible values 0-4

 * define ('FINGERPRINT_WITH_IP_OCTETS',2);

 */

class SecureForm {

	const FRONTEND = 0;

	const BACKEND  = 1;      

        ## additional private data

	private $_secret      	 = '5609bnefg93jmgi99igjefg';

	private $_secrettime  	 = 86400;   #Approx. one day 

        private $_tokenname   	 = 'formtoken';

	private $_timeout	 = 7200;         

	private $_useipblocks	 = 2;

	private $_usefingerprint = true;

        ### additional private data

        private $_FTAN           = '';

	private $_IDKEYs         = array('0'=>'0');

	private $_idkey_name     = '';

	private $_salt           = '';

	private $_fingerprint    = '';

	private $_serverdata  	 = '';

	/* Construtor */

	protected function __construct($mode = self::FRONTEND){

        	## additional constants and stuff for global configuration

		# Secret can contain anything its the base for the secret part of the hash

                if (defined ('WB_SECFORM_SECRET')){ 	

			$this->_secret=WB_SECFORM_SECRET;

		}

		# shall we use fingerprinting

                if (defined ('WB_SECFORM_USEFP') AND WB_SECFORM_USEFP===false){

			$this->_usefingerprint	= false;

		}

                # Timeout till the form token times out. Integer value between 0-86400 seconds (one day)

                if (defined ('WB_SECFORM_TIMEOUT') AND is_numeric(WB_SECFORM_TIMEOUT) AND intval(WB_SECFORM_TIMEOUT) >=0 AND intval(WB_SECFORM_TIMEOUT) <=86400 ){

			$this->_timeout=intval(WB_SECFORM_TIMEOUT);

		}

		# Name for the token form element only alphanumerical string allowed that starts whith a charakter

                if (defined ('WB_SECFORM_TOKENNAME') AND !$this->_validate_alalnum(WB_SECFORM_TOKENNAME)){

			$this->_tokenname=WB_SECFORM_TOKENNAME;

		}

		# how many bloks of the IP should be used 0=no ipcheck 

                if (defined ('FINGERPRINT_WITH_IP_OCTETS') AND !$this->_is04(FINGERPRINT_WITH_IP_OCTETS)){

			$this->_useipblocks=FINGERPRINT_WITH_IP_OCTETS;

                }

		## additional stuff end 

		$this->_browser_fingerprint   = $this->_browser_fingerprint(true);

		$this->_fingerprint   = $this->_generate_fingerprint();

		$this->_serverdata    = $this->_generate_serverdata();

		$this->_secret        = $this->_generate_secret();

                $this->_salt          = $this->_generate_salt();

		$this->_idkey_name    = substr($this->_fingerprint, hexdec($this->_fingerprint[strlen($this->_fingerprint)-1]), 16);

		// make sure there is a alpha-letter at first position

		$this->_idkey_name[0] = dechex(10 + (hexdec($this->_idkey_name[0]) % 5));

		// takeover id_keys from session if available

		if(isset($_SESSION[$this->_idkey_name]) && is_array($_SESSION[$this->_idkey_name])){

			$this->_IDKEYs = $_SESSION[$this->_idkey_name];

		}else{

			$this->_IDKEYs = array('0'=>'0');

			$_SESSION[$this->_idkey_name] = $this->_IDKEYs;

		}

	}

	private function _generate_secret(){

                $secret= $this->_secret;

		$secrettime= $this->_secrettime;

		#create a different secret every day

		$TimeSeed= floor(time()/$secrettime)*$secrettime;  #round(floor) time() to whole days

		$DomainSeed =  $_SERVER['SERVER_NAME'];  # generate a numerical from server name.

		$Seed = $TimeSeed+$DomainSeed;

                $secret .=md5($Seed);  #

		$secret .= $this->_secret.$this->_serverdata.session_id();

		if ($this->_usefingerprint){$secret.= $this->_browser_fingerprint;}

	return $secret;

	}

	private function _generate_salt()

		{

			if(function_exists('microtime'))

			{

				list($usec, $sec) = explode(" ", microtime());

				$salt = (string)((float)$usec + (float)$sec);

			}else{

				$salt = (string)time();

			}

			$salt = (string)rand(10000, 99999) . $salt . (string)rand(10000, 99999);

			return md5($salt);

		}

	private function _generate_fingerprint()

	{

	// server depending values

 		$fingerprint  = $this->_generate_serverdata();

	// client depending values

		$fingerprint .= ( isset($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : '17';

		$usedOctets = ( defined('FINGERPRINT_WITH_IP_OCTETS') ) ? intval(defined('FINGERPRINT_WITH_IP_OCTETS')) : 0;

		$clientIp = ( isset($_SERVER['REMOTE_ADDR'])  ? $_SERVER['REMOTE_ADDR'] : '' );

		if(($clientIp != '') && ($usedOctets > 0)){

			$ip = explode('.', $clientIp);

			while(sizeof($ip) > $usedOctets) { array_pop($ip); }

			$clientIp = implode('.', $ip);

		}else {

			$clientIp = 19;

		}

		$fingerprint .= $clientIp;

		return md5($fingerprint);

	}

	private function _generate_serverdata(){

	 	$serverdata  = ( isset($_SERVER['SERVER_SIGNATURE']) ) ? $_SERVER['SERVER_SIGNATURE'] : '2';

		$serverdata .= ( isset($_SERVER['SERVER_SOFTWARE']) ) ? $_SERVER['SERVER_SOFTWARE'] : '3';

		$serverdata .= ( isset($_SERVER['SERVER_NAME']) ) ? $_SERVER['SERVER_NAME'] : '5';

		$serverdata .= ( isset($_SERVER['SERVER_ADDR']) ) ? $_SERVER['SERVER_ADDR'] : '7';

		$serverdata .= ( isset($_SERVER['SERVER_PORT']) ) ? $_SERVER['SERVER_PORT'] : '11';

		$serverdata .= ( isset($_SERVER['SERVER_ADMIN']) ) ? $_SERVER['SERVER_ADMIN'] : '13';

		$serverdata .= PHP_VERSION;

	return  $serverdata;

	}

        // fake funktion , just exits to avoid error message 

        final protected function createFTAN(){}

	/*

	* creates selfsigning Formular transactionnumbers for unique use

	* @access public

	* @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)

	*                     false returns an GET argument 'key=value'

	* @return mixed:      string

	*

	* requirements: an active session must not be available but it makes no sense whithout :-)

	*/

	final public function getFTAN( $as_tag = true)

	{

		$secret= $this->_secret;

		$timeout= time()+$this->_timeout;

		#mt_srand(hexdec(crc32(microtime()));

                $token= dechex(mt_rand());

                $hash= sha1($secret.'-'.$token.'-'.$timeout);

		$signed= $token.'-'.$timeout.'-'.$hash;

		if($as_tag == true)

		{ // by default return a complete, hidden <input>-tag

			return '<input type="hidden" name="'.$this->_tokenname.'" value="'.htmlspecialchars($signed).'" title="" alt="" />';

		}else{ // return an array with raw tokenname=value

			return $this->_tokenname.'='.$signed;

		}

	}

	/*

	* checks received form-transactionnumbers against itself

	* @access public

	* @param string $mode: requestmethode POST(default) or GET

	* @return bool:    true if numbers matches against stored ones

	*

	* requirements: no active session must be available but it makes no sense whithout.

	* this check will prevent from multiple sending a form. history.back() also will never work

	*/

	final public function checkFTAN( $mode = 'POST')

	{

		$mode = (strtoupper($mode) != 'POST' ? '_GET' : '_POST');

		$isok= false;

		$secret= $this->_secret;

		if (isset($GLOBALS[$mode][$this->_tokenname])) 	{$latoken=$GLOBALS[$mode][$this->_tokenname];}

                else 						{return $isok;}

		$parts= explode('-', $latoken);

		if (count($parts)==3) {

			list($token,$timeout, $hash)= $parts;

			if ($hash==sha1($secret.'-'.$token.'-'.$timeout) AND $timeout > time())

			{$isok= true;}

		}

		return $isok;

	}

	/*

	* save values in session and returns a ID-key

	* @access public

	* @param mixed $value: the value for witch a key shall be generated and memorized

	* @return string:      a MD5-Key to use instead of the real value

	*

	* @requirements: an active session must be available

	* @description: IDKEY can handle string/numeric/array - vars. Each key is a

	*/

	final public function getIDKEY($value)

	{

		if( is_array($value) == true )

		{ // serialize value, if it's an array

			$value = serialize($value);

		}

		// crypt value with salt into md5-hash

		// and return a 16-digit block from random start position

		$key = substr( md5($this->_salt.(string)$value), rand(0,15), 16);

		do{ // loop while key/value isn't added

			if( !array_key_exists($key, $this->_IDKEYs) )

			{ // the key is unique, so store it in list

				$this->_IDKEYs[$key] = $value;

				break;

			}else {

				// if key already exist, increment the last five digits until the key is unique

				$key = substr($key, 0, -5).dechex(('0x'.substr($key, -5)) + 1);

			}

		}while(0);

		// store key/value-pairs into session

		$_SESSION[$this->_idkey_name] = $this->_IDKEYs;

		return $key;

	}

	/*

	* search for key in session and returns the original value

	* @access public

	* @param string $fieldname: name of the POST/GET-Field containing the key or hex-key itself

	* @param mixed $default: returnvalue if key not exist (default 0)

	* @param string $request: requestmethode can be POST or GET or '' (default POST)

	* @return mixed: the original value (string, numeric, array) or DEFAULT if request fails

	*

	* @requirements: an active session must be available

	* @description: each IDKEY can be checked only once. Unused Keys stay in list until the

	*               session is destroyed.

	*/

 	final public function checkIDKEY( $fieldname, $default = 0, $request = 'POST' )

	{

		$return_value = $default; // set returnvalue to default

		switch( strtoupper($request) )

		{

			case 'POST':

				$key = isset($_POST[$fieldname]) ? $_POST[$fieldname] : $fieldname;

				break;

			case 'GET':

				$key = isset($_GET[$fieldname]) ? $_GET[$fieldname] : $fieldname;

				break;

			default:

				$key = $fieldname;

		}

		if( preg_match('/[0-9a-f]{16}$/', $key) )

		{ // key must be a 16-digit hexvalue

			if( array_key_exists($key, $this->_IDKEYs))

			{ // check if key is stored in IDKEYs-list

				$return_value = $this->_IDKEYs[$key]; // get stored value

				unset($this->_IDKEYs[$key]);   // remove from list to prevent multiuse

				$_SESSION[$this->_idkey_name] = $this->_IDKEYs; // save modified list into session again

				if( preg_match('/.*(?<!\{).*(\d:\{.*;\}).*(?!\}).*/', $return_value) )

				{ // if value is a serialized array, then deserialize it

					$return_value = unserialize($return_value);

				}

			}

		}

		return $return_value;

	}

	/* @access public

	* @return void

	*

	* @requirements: an active session must be available

	* @description: remove all entries from IDKEY-Array

	*

	*/

 	final public function clearIDKEY()

	{

		 $this->_IDKEYs = array('0'=>'0');

	}

	## additional Functions needed cause the original ones lack some functionality

	## all are Copyright Norbert Heimsath, heimsath.org

	## released under GPLv3  http://www.gnu.org/licenses/gpl.html

	/* Made because ctype_ gives strange results using mb Strings*/ 

 	private function _validate_alalnum($input){

	# alphanumerical string that starts whith a letter charakter 

		if (preg_match('/^[a-zA-Z][0-9a-zA-Z]+$/u', $input))

			{return false;}

	return "The given input is not an alphanumeric string.";

	} 

 	private function _is04($input){

	# integer value between 0-4

		if (preg_match('/^[0-4]$/', $input)) {return false;}

	return "The given input is not an alphanumeric string.";

	} 

	private function _getip($ipblocks=4){

	/*

	Just a function to get User ip even if hes behind a proxy

	*/

		$ip    	=   ""; //Ip address result

		$cutip	=   ""; //Ip address cut to limit

		# mabe user is behind a Proxy but we need his real ip address if we got a nice Proxyserver, 

		# it sends us the "HTTP_X_FORWARDED_FOR" Header. Sometimes there is more than one Proxy.

		# !!!!!! THIS PART WAS NEVER TESTED BECAUSE I ONLY GOT A DIRECT INTERNET CONNECTION !!!!!!

		# long2ip(ip2long($lastip)) makes sure we got nothing else than an ip into our script ;-)

		# !!!!! WARNING the 'HTTP_X_FORWARDED_FOR' Part is NOT TESTED !!!!!

		if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND !empty($_SERVER['HTTP_X_FORWARDED_FOR']))

		{

			$iplist= explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);

			$lastip = array_pop($iplist);

			$ip.= long2ip(ip2long($lastip));

		}

		/* If theres no other supported info we just use REMOTE_ADDR

		If we have a fiendly proxy supporting  HTTP_X_FORWARDED_FOR its ok to use the full address.

		But if there is no HTTP_X_FORWARDED_FOR we can  not be sure if its a proxy or whatever, so we use the 

		blocklimit for IP address. 

		*/

		else 

		{

			$ip = long2ip(ip2long($_SERVER['REMOTE_ADDR']));

			# ipblocks used here defines how many blocks of the ip adress are checked xxx.xxx.xxx.xxx

			$blocks = explode('.', $ip);

			for ($i=0; $i<$ipblocks; $i++){

				$cutip.= $blocks[$i] . '.';

				}

			$ip=substr($cutip, 0, -1);

		}

	return $ip;

	}

	private function _browser_fingerprint($encode=true,$fpsalt="My Fingerprint: "){

	/*

	Creates a basic Browser Fingerprint for securing the session and forms.

	*/

		$fingerprint=$fpsalt;

		if (isset($_SERVER['HTTP_USER_AGENT'])){ $fingerprint .= $_SERVER['HTTP_USER_AGENT'];}

		if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ $fingerprint .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];}

		if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])){ $fingerprint .= $_SERVER['HTTP_ACCEPT_ENCODING'];}

		if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])){ $fingerprint .= $_SERVER['HTTP_ACCEPT_CHARSET'];}

		$fingerprint.= $this->_getip($this->_useipblocks);

		if ($encode){$fingerprint=md5($fingerprint);}

	return $fingerprint;

	}

	##

	## additional Functions END

	##

}

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       (C) 2011, D Woellbrink

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link			http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource		$HeadURL$

 * @lastmodified    $Date$

 *

 */

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false)

{

	die('<head><title>Access denied</title></head><body><h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2></body></html>');

}

// load module language file

$mod_path = (dirname(__FILE__));

require_once( $mod_path.'/language_load.php' );

// callback function for settings name

function converttoupper($val, $key, $vars) {

	$vars[0][$key] = strtoupper($key);

	$vars[1][$vars[0][$key]] = ($val);

}

// create backlinks

$js_back =  ADMIN_URL.'/admintools/tool.php?tool=SecureFormSwitcher';

$backlink =  ADMIN_URL.'/admintools/index.php';

$FileNotFound = ' ';

// defaults settings

$default_cfg = array(

	'secure_form_module' => '',

	'wb_secform_secret' => '5609bnefg93jmgi99igjefg',

	'wb_secform_secrettime' => '86400',

	'wb_secform_timeout' => '7200',

	'wb_secform_tokenname' => 'formtoken',

	'wb_secform_usefp' => 'true',

	'fingerprint_with_ip_octets' => '2',

);

$setting = $default_cfg;

$MultitabTarget = WB_PATH.'/framework/SecureForm.mtab.php';

// get stored settings to set in mask

$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'settings` ';

$sql .= 'WHERE `name` = \'secure_form_module\'';

$sql .=    'OR `name`=\'fingerprint_with_ip_octets\' ';

$sql .=    'OR `name`=\'wb_secform_usefp\' ';

$sql .=    'OR `name`=\'wb_secform_tokenname\' ';

$sql .=    'OR `name`=\'wb_secform_timeout\' ';

$sql .=    'OR `name`=\'wb_secform_secrettime\' ';

$sql .=    'OR `name`=\'wb_secform_secret\' ';

if($res = $database->query($sql) ) {

	if($res->numRows() > 0) {

		while($rec = $res->fetchRow(MYSQL_ASSOC)) {

	        $setting[$rec['name']] = $rec['value'];

		}

	} else {

		// add missing values

		db_update_key_value('settings', $setting );

	}

}

$action = 'show';

$action = isset($_POST['save_settings']) ? 'save_settings' : $action;

$action = isset($_POST['save_settings_default']) ? 'save_settings_default' : $action;

switch ($action) :

	case 'save_settings':

		$cfg = array(

			'secure_form_module' => (isset($_POST['ftan_switch']) ? $_POST['ftan_switch'] : 'mtab'),

			'wb_secform_secret' => (isset($_POST['wb_secform_secret']) ? $_POST['wb_secform_secret'] : $setting['wb_secform_secret'] ),

			'wb_secform_secrettime' => (isset($_POST['wb_secform_secrettime']) ? $_POST['wb_secform_secrettime'] : $setting['wb_secform_secrettime'] ),

			'wb_secform_timeout' => (isset($_POST['wb_secform_timeout']) ? $_POST['wb_secform_timeout'] : $setting['wb_secform_timeout'] ),

			'wb_secform_tokenname' => (isset($_POST['wb_secform_tokenname']) ? $_POST['wb_secform_tokenname'] : $setting['wb_secform_tokenname'] ),

			'wb_secform_usefp' => (isset($_POST['wb_secform_usefp']) ? $_POST['wb_secform_usefp'] : $setting['wb_secform_usefp'] ),

			'fingerprint_with_ip_octets' => (isset($_POST['fingerprint_with_ip_octets']) ? $_POST['fingerprint_with_ip_octets'] : $setting['fingerprint_with_ip_octets'] ),

		);

		// unset($_POST);

		$_SESSION['CFG'] = $cfg;

		break;

	case 'save_settings_default':

		$cfg = $default_cfg;

		$cfg['secure_form_module'] = $setting['secure_form_module'];

		break;

endswitch;

switch ($action) :

	case 'save_settings':

	case 'save_settings_default':

		if (!$admin->checkFTAN())

		{

			if(!$admin_header) { $admin->print_header(); }

			$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$_SERVER['REQUEST_URI']);

		}

		if(file_exists($MultitabTarget)) {

			$val = ( isset($_POST['ftan_switch'])  ? ($_POST['ftan_switch']) : 'mtab');

		} else {

			$cfg['secure_form_module'] = '';

			$FileNotFound = $SFS_TEXT['FILE_FORMTAB_NOT_GOUND'];

		}

		db_update_key_value('settings', $cfg );

		// check if there is a database error, otherwise say successful

		if(!$admin_header) { $admin->print_header(); }

		if($database->is_error()) {

			$admin->print_error($database->get_error(), $js_back);

		} else {

            if(isset($_SESSION['CFG'])) { unset($_SESSION['CFG']);}

			$admin->print_success($MESSAGE['PAGES_SAVED'], $js_back);

		}

		break;

endswitch;

// set template file and assign module and template block

$tpl = new Template(WB_PATH.'/modules/SecureFormSwitcher/htt','keep');

$tpl->set_file('page', 'switchform.htt');

$tpl->debug = false; // false, true

$tpl->set_block('page', 'main_block', 'main');

$checked = ($setting['secure_form_module']!='');

$ftanMode = ($checked ? $SFS_TEXT['SECURE_FORM'] : $SFS_TEXT['SECURE_FORMMTAB']);

$target = ($checked) ? '.'.$setting['secure_form_module'] : '';

$target = WB_PATH.'/framework/SecureForm'.$target.'.php';

$SingleTabStatus = intval($checked==false);

$MultitabStatus = intval($checked==true);

$NotFoundClass = '';

if(!file_exists($MultitabTarget)) {

	$SingleTabStatus = true;

	$MultitabStatus = false;

	$FileNotFound = $SFS_TEXT['FILE_FORMTAB_NOT_GOUND'];

	$NotFoundClass = 'class="warning"';

} else {

}

// convert settings name to upper

array_walk($setting,'converttoupper', array(&$search, &$replace ));

$tpl->set_var($replace);

$tpl->set_var(array(

	'FTAN' => $admin->getFTAN(),

	'SERVER_REQUEST_URI' => $_SERVER['REQUEST_URI'],

	'TEXT_CANCEL' => $TEXT['CANCEL'],

	'BACKLINK' => (isset($_POST['cancel'])) ? $backlink : '#',

	'TEXT_INFO' => $SFS_TEXT['INFO'],

	'TEXT_SUBMIT' => $SFS_TEXT['SUBMIT'],

	'TEXT_MSUBMIT' => $SFS_TEXT['RESET_SETTINGS'],

	'TXT_HEADING' => $SFS_TEXT['SECURE_FORM'.strtoupper($setting['secure_form_module'])],

	'SELECTED' => ( ($SingleTabStatus) ? ' checked="checked"' : ''),

	'SELECTED_TAB' => ( ($MultitabStatus) ? ' checked="checked"' : ''),

	'SUBMIT_TYPE' => ($checked ? 'multitab' : 'singletab'),

	'MSELECTED' => '',

	'MSELECTED_TAB' => '',

	'FTAN_COLOR' => ($checked ? 'grey' : 'norm'),

	'TXT_SUBMIT_FORM' => $SFS_TEXT['SUBMIT_FORM'],

	'TXT_SUBMIT_FORMTAB' => $SFS_TEXT['SUBMIT_FORMTAB'],

	'FILE_FORMTAB_WARNING' => $NotFoundClass,

	'FILE_FORMTAB_NOT_GOUND' => $FileNotFound,

	)

);

$tpl->set_var(array(

		'USEIP_SELECTED' => '',

		'TXT_SECFORM_USEIP' => $SFS_TEXT['WB_SECFORM_USEIP'],

        'TXT_SECFORM_USEIP_TOOLTIP' => $SFS_TEXT['WB_SECFORM_USEIP_TOOLTIP'], // Tooltip

		'TEXT_DEFAULT_SETTINGS' => $HEADING['DEFAULT_SETTINGS'],

		'USEIP_DEFAULT' => $default_cfg['fingerprint_with_ip_octets'],

		'USEFP_CHECKED_TRUE' => (($setting['wb_secform_usefp']=='true') ? ' checked="checked"' : ''),

		'USEFP_CHECKED_FALSE' => (($setting['wb_secform_usefp']=='false') ? ' checked="checked"' : ''),

		'TEXT_DEFAULT_SETTINGS' => $HEADING['DEFAULT_SETTINGS'],

	)

);

$tpl->set_block('main_block', 'useip_mtab_loop', 'mtab_loop');

	for($x=0; $x < 5; $x++) {

		// iu value == default set first option with standardtext

		if(intval($default_cfg['fingerprint_with_ip_octets'])==$x ) {

			$tpl->set_var(array(

					'USEIP_VALUE' => $x,

					'USEIP_DEFAULT_SELECTED' => ((intval($setting['fingerprint_with_ip_octets'])==$x) ? ' selected="selected"' : ''),

					'USEIP_SELECTED' => '',

					)

			);

		} else {

			$tpl->set_var(array(

					'USEIP_VALUE' => $x,

					'USEIP_SELECTED' => ((intval($setting['fingerprint_with_ip_octets'])==$x) && (intval($setting['fingerprint_with_ip_octets'])!=intval($default_cfg['fingerprint_with_ip_octets'])) ? ' selected="selected"' : ''),

				)

			);

		}

		$tpl->parse('mtab_loop','useip_mtab_loop', true);

	}

$tpl->set_block('main_block', 'show_mtab_block', 'show_mtab');

$tpl->set_block('main_block', 'mtab_block', 'mtab');

if($checked) {

	$tpl->set_var(array(

			'TEXT_ENABLED' => $SFS_TEXT['ON_OFF'],

			'TXT_SECFORM_TOKENNAME' => $SFS_TEXT['WB_SECFORM_TOKENNAME'],

            'TXT_SECFORM_TOKENNAME_TOOLTIP' => $SFS_TEXT['WB_SECFORM_TOKENNAME_TOOLTIP'],

			'TXT_SECFORM_TIMEOUT' => $SFS_TEXT['WB_SECFORM_TIMEOUT'],

            'TXT_SECFORM_TIMEOUT_TOOLTIP' => $SFS_TEXT['WB_SECFORM_TIMEOUT_TOOLTIP'],

			'TXT_SECFORM_SECRETTIME' => $SFS_TEXT['WB_SECFORM_SECRETTIME'],

            'TXT_SECFORM_SECRETTIME_TOOLTIP' => $SFS_TEXT['WB_SECFORM_SECRETTIME_TOOLTIP'],

			'TXT_SECFORM_SECRET' => $SFS_TEXT['WB_SECFORM_SECRET'],

            'TXT_SECFORM_SECRET_TOOLTIP' => $SFS_TEXT['WB_SECFORM_SECRET_TOOLTIP'],

			'TXT_SECFORM_USEFP' => $SFS_TEXT['WB_SECFORM_USEFP'],

			'SECFORM_USEFP' => 'true',

            'TXT_SECFORM_USEFP_TOOLTIP' => $SFS_TEXT['WB_SECFORM_USEFP_TOOLTIP'],

		)

	);

	$tpl->parse('mtab','mtab_block', true);

	$tpl->parse('show_mtab','show_mtab_block', true);

} else  {

	$tpl->parse('mtab', '');

	$tpl->parse('show_mtab', '');

}

// Parse template object

$tpl->parse('main', 'main_block', false);

$output = $tpl->finish($tpl->parse('output', 'page'));

unset($tpl);

print $output;

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link			http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource		$HeadURL$

 * @lastmodified    $Date$

 *

*/

//Module description

$module_description = 'This module switch between the <strong>SingleTab SecureForm</strong> and <strong>MultiTab SecureForm</strong>.';

// Backend variables

$SFS_TEXT['TEXT_SWITCH'] = 'Change';

$SFS_TEXT['TXT_FTAN_SWITCH'] = 'Change to ';

$SFS_TEXT['SECURE_FORM'] = 'SingleTab SecureForm';

$SFS_TEXT['SECURE_FORMMTAB'] = 'Multitab SecureForm';

$SFS_TEXT['FILE_FORMTAB_NOT_GOUND'] = '<strong>Multitab not possible!<br />Needed file \'/framework/SecureForm.mtab.php\' not found!</strong><br />

<span>You have to upload the file manually via FTP</span>';

$SFS_TEXT['SUBMIT_FORM'] = 'Single Tab (recommended)';

$SFS_TEXT['SUBMIT_FORMTAB'] = 'Multi Tab';

$SFS_TEXT['SUBMIT'] = 'Accept';

$SFS_TEXT['INFO'] = 'Please select if you want to use the default security settings or the settings for working with several WebsiteBaker instances in parallel browser tabs.';

$SFS_TEXT['RESET_SETTINGS'] = 'Default setting';

$SFS_TEXT['ON_OFF'] = 'On/OFF';

// Variablen fuer AdminTool Optionen

$SFS_TEXT['WB_SECFORM_USEIP'] = 'IP-Blocks (1-4, 0=no check)';

$SFS_TEXT['WB_SECFORM_USEIP_TOOLTIP'] = '<span class="custom help"><em>Help</em>

These number of segments of an IP address can be used for the fingerprint. "4" means the whole IP address (this makes sense e.g. for servers with a stable IP address). "2" is a good compromise, because at home there\'s often the 24-hour reset and therefore only the first two segments keep constant.

<ul>

<li>4= xxx.xxx.xxx.xxx</li>

<li>3= xxx.xxx.xxx</li>

<li>2= xxx.xxx</li>

<li>1= xxx</li>

<li>0= no usage of the IP</li></ul></span>';

$SFS_TEXT['WB_SECFORM_TOKENNAME'] = 'Tokenname';

$SFS_TEXT['WB_SECFORM_TOKENNAME_TOOLTIP'] = '<span class="custom help"><em>Help</em>The name of the token. Coll. a token is often called TAN.</span>';

$SFS_TEXT['WB_SECFORM_SECRET'] = 'Secret (whatever you like)';

$SFS_TEXT['WB_SECFORM_SECRET_TOOLTIP'] = '<span class="custom help"><em>Help</em>A random key, that is being used for creating a TAN. Recommend are at least 20 digits.</span>';

$SFS_TEXT['WB_SECFORM_SECRETTIME'] = 'Secrettime';

$SFS_TEXT['WB_SECFORM_SECRETTIME_TOOLTIP'] = '<span class="custom help"><em>Help</em>Time (in seconds), until the secret-key will be renewed.</span>';

$SFS_TEXT['WB_SECFORM_TIMEOUT'] = 'Timeout';

$SFS_TEXT['WB_SECFORM_TIMEOUT_TOOLTIP'] = '<span class="custom help"><em>Help</em>Time (in seconds), until the form-token is void.</span>';

$SFS_TEXT['WB_SECFORM_USEFP'] = 'Fingerprinting';

$SFS_TEXT['WB_SECFORM_USEFP_TOOLTIP'] = '<span class="custom help"><em>Help</em>Require OS and browser for every TAN-validation additionally to the IP-address.</span>';

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link			http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource		$HeadURL$

 * @lastmodified    $Date$

 *

*/

//Module description

$module_description = 'Dieses Modul wechselt zwischen <strong>SingleTab SecureForm</strong> und <strong>MultiTab SecureForm</strong>.';

// Backend variables

$SFS_TEXT['TEXT_SWITCH'] = 'Wechseln';

$SFS_TEXT['TXT_FTAN_SWITCH'] = 'Wechsel zu ';

$SFS_TEXT['SECURE_FORM'] = 'SingleTab SecureForm';

$SFS_TEXT['SECURE_FORMMTAB'] = 'Multitab SecureForm';

$SFS_TEXT['FILE_FORMTAB_NOT_GOUND'] = '<strong>Multitab nicht ausführbar!<br />Benötigte Datei \'/framework/SecureForm.mtab.php\' nicht gefunden!</strong><br />

<span>Sie müssen die Datei manuell über FTP hochspielen</span>';

$SFS_TEXT['SUBMIT_FORM'] = 'SingleTab (empfohlen)';

$SFS_TEXT['SUBMIT_FORMTAB'] = 'Multi Tab';

$SFS_TEXT['SUBMIT'] = 'Übernehmen';

$SFS_TEXT['INFO'] = 'Hier können Sie auswählen, ob die Standard-Sicherheitseinstellung oder die Sicherheitseinstellung zur Verwendung von mehreren WebsiteBaker-Instanzen in parallelen Browser-Tabs aktiviert werden soll.';

$SFS_TEXT['RESET_SETTINGS'] = 'Standardeinstellung';

$SFS_TEXT['ON_OFF'] = 'Ein/Aus';

// Variablen fuer AdminTool Optionen

$SFS_TEXT['WB_SECFORM_USEIP'] = 'IP-Blocks (1-4, 0=kein Check)';

$SFS_TEXT['WB_SECFORM_USEIP_TOOLTIP'] = '<span class="custom help"><em>Hilfe</em>

Diese Anzahl der Segmente einer IP-Adresse werden für den Fingerprint genutzt. "4" heißt die gesamte IP-Adresse (dies macht nur bei festen IPs wie z.B. Servern Sinn). "2" ist ein guter Kompromiss, da im Heimbereich durch 24-Stunden Resets nur die ersten beiden Segmente konstant bleiben. 

<ul>

<li>4= xxx.xxx.xxx.xxx</li>

<li>3= xxx.xxx.xxx</li>

<li>2= xxx.xxx</li>

<li>1= xxx</li>

<li>0=keine Nutzung der IP</li></ul></span>';

$SFS_TEXT['WB_SECFORM_TOKENNAME'] = 'Tokenname';

$SFS_TEXT['WB_SECFORM_TOKENNAME_TOOLTIP'] = '<span class="custom help"><em>Hilfe</em>Der Name des Tokens. Umgangssprachlich wird Token auch TAN genannt.</span>';

$SFS_TEXT['WB_SECFORM_SECRET'] = 'Secret (Beliebige Zeichen)';

$SFS_TEXT['WB_SECFORM_SECRET_TOOLTIP'] = '<span class="custom help"><em>Hilfe</em>Ein zufälliger Schlüssel, der für die Token-Erstellung verwendet wird. Empfohlen sind mind. 20 Zeichen.</span>';

$SFS_TEXT['WB_SECFORM_SECRETTIME'] = 'Secrettime';

$SFS_TEXT['WB_SECFORM_SECRETTIME_TOOLTIP'] = '<span class="custom help"><em>Hilfe</em>Zeit (in Sekunden), bis der Secret-Schlüssel sich erneuert.</span>';

$SFS_TEXT['WB_SECFORM_TIMEOUT'] = 'Timeout';

$SFS_TEXT['WB_SECFORM_TIMEOUT_TOOLTIP'] = '<span class="custom help"><em>Hilfe</em>Zeit (in Sekunden), bis ein Formular-Token nicht mehr gilt.</span>';

$SFS_TEXT['WB_SECFORM_USEFP'] = 'Fingerprinting';

$SFS_TEXT['WB_SECFORM_USEFP_TOOLTIP'] = '<span class="custom help"><em>Hilfe</em>Zusätzlich zur IP-Adresse wird Betriebssystem und Browser zu jeder TAN-Validierung hinzugezogen.</span>';

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link			http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource		$HeadURL$

 * @lastmodified    $Date$

 * @description

 *

 */

/* ************************************************************************** */

if(defined('WB_PATH') == false)

{

	die(" <head><title>Access denied</title></head><body><h2 style=\"color:red;margin:3em auto;text-align:center;\">Cannot access this file directly.</h2></body>");

}

$mod_path = (dirname(__FILE__));

$dlg_lang_dir = $mod_path.'/languages/';

if(file_exists($dlg_lang_dir)){

	$dlg_lang = file_exists($dlg_lang_dir.LANGUAGE.'.php') ? LANGUAGE : 'EN';

	require_once($dlg_lang_dir.$dlg_lang.'.php');

}

//  iconv_set_encoding("output_encoding", "ISO-8859-1");

if(!function_exists('convert_charset'))

{

	function convert_charset(&$val, $key, $vars) {

		$val = iconv($vars['0'], $vars['1'].'//TRANSLIT', ($val));

	}

}

if( strtolower(DEFAULT_CHARSET) != 'utf-8') {

	$in_charset = 'utf-8';

	$out_charset = DEFAULT_CHARSET;

	array_walk_recursive($SFS_TEXT,'convert_charset',array($in_charset, $out_charset));

}

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link            http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource      $HeadURL$

 * @lastmodified    $Date$

 *

 */

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }

require_once(WB_PATH.'/framework/class.database.php');

require_once(WB_PATH.'/framework/functions.php');

$mod_path = (dirname(__FILE__));

require_once( $mod_path.'/language_load.php' );

$aDefault = array(

	'secure_form_module' => '',

	'wb_secform_secret' => '5609bnefg93jmgi99igjefg',

	'wb_secform_secrettime' => '86400',

	'wb_secform_timeout' => '7200',

	'wb_secform_tokenname' => 'formtoken',

	'wb_secform_usefp' => 'true',

	'wb_secform_useip' => '2',

);

db_update_key_value('settings', $aDefault );

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link            http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.2

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource      $HeadURL$

 * @lastmodified    $Date$

 *

 */

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }

global $i;

// load module language file

$mod_path = (dirname(__FILE__));

require_once( $mod_path.'/language_load.php' );

$i = (!isset($i) ? 1 : $i);

print "<div style=\"margin:1em auto;font-size:1.1em;\">";

print "<h4>Step $i: Updating SecureForm Switcher</h4>\n";

$i++;

$OK   = "<span class=\"ok\">OK</span>";

$FAIL = "<span class=\"error\">FAILED</span>";

$target = $mod_path.'/files/SecureForm.mtab.php';

$dest = WB_PATH.'/framework/SecureForm.mtab.php';

if(is_writeable(WB_PATH.'/framework')) {

	if((copy($target,$dest) && change_mode($dest)) || file_exists($target)) {

		print "<br /><strong>Updating secure_form_module</strong> $OK<br />\n";

	} else {

		print "<br /><strong>Updating secure_form_module</strong> $FAIL<br />\n";

	}

}

print "</div>";

<?php

/**

 *

 * @category        modules

 * @package         SecureFormSwitcher

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link            http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.9.x

 * @requirements    PHP 5.2.2 and higher

 * @version         $Id$

 * @filesource      $HeadURL$

 * @lastmodified    $Date$

 *

 */

header('Location: ../index.php');

exit();

This module supports the FTAN-System

@charset "UTF-8";

td.content form.secure_switch .left-content { width :49%; float :left; }

td.content form.secure_switch .right-content { width :49%; float :right; }

form.secure_switch { border :0px #484 solid; margin :1em 0; width :100%; }

table.switch-ftan-info,

table.switch-ftan-form { width :100%; background-color :transparent; }

table.switch-ftan-info tbody,

table.switch-ftan-form tbody { margin :10px 0; }

table.switch-ftan-form tbody td label { font-weight :bold; font-size :1.0em; color :#000000; }

table.switch-ftan-info thead tr th { margin :20px 0; font-weight :bold; font-size :1.4em; background-color :transparent; color :#000000; text-align :left; }

table.switch-ftan-info thead tr th span.norm { color : #003300; }

table.switch-ftan-info thead tr th span.grey { color : #666666; }

table.switch-ftan-form tbody td { height :30px; vertical-align :middle; }

table.switch-ftan-form tbody td input[type="submit"] { font-size :1.0em; width : 40%; }

table.switch-ftan-form tbody td input[type="text"] { font-size :1.0em; width : 100%; }

table.switch-ftan-form tbody td select { font-size :1.0em; width : 101.5%; }

.ok, .error { font-weight:bold; }

.ok { color:green; }

.error { color:red; }

.check { color:#555; }

.module-info { padding :10px; margin :0px auto; background :transparent; color :#000000; font-size :1.0em; }

.module-info p { margin :0.2em auto; }

.warning { border-radius :10px; -khtml-border-radius :10px; -webkit-border-radius :10px; -moz-border-radius :10px; background :#fee; border :0.2em #844 solid; color :#990000; margin :0.2em auto; padding :0.63em; width :60%; text-align :center; }

.warning strong { font-size :1.2em; }

.warning span { font-size :1.2em; line-height :1.5em; color :#333333; }

/* Tooltip CSS */

.tooltip {

	border-bottom: 1px dotted #000000;

	color: #000000;

	outline: none;

	cursor: help;

	text-decoration: none;

	position: relative;

}

.tooltip span { margin-left: -999em; position: absolute; }

.tooltip:hover em {

	font-family: Candara, Tahoma, Geneva, sans-serif;

	font-size: 1.2em;

	font-weight: bold;

	display: block;

	padding: 0.2em 0 0.6em 0;

}

.tooltip:hover span {

	border-radius: 5px 5px;

	box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.1);

	font-family: Calibri, Tahoma, Geneva, sans-serif;

	position: absolute;

	left: -15em;

	top: 2em;

	z-index: 99;

	margin-left: 1em;

	padding: 10px 10px 10px 50px;

	width: 250px;