<?php
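/**
 * Collection of request-hardening helpers: a direct-access guard for include
 * files, a register_globals clean-up, and a few $_GET sanity checks.
 *
 * Several methods terminate the request with die() when a check fails.
 */
class sec_patch
{
    /**
     * Extra request-variable names the caller wants sec_globals() to allow,
     * merged with the built-in list. Expected to be an array of strings.
     */
    public $add2legal = array();

    /**
     * Request variables rejected by sec_globals(), keyed by variable name.
     * Values are stored raw (unescaped); read them via sec_globals_unsure().
     */
    public $unsure = array();

    /**
     * Return one entry of the static info table.
     *
     * @param int $str Index: 0 = author line, 1 = the literal "0.2"
     *                 (presumably this class's version), 2 = PHP_VERSION.
     * @return string|null The entry, or null for an unknown index.
     */
    function sec_info($str)
    {
        $sec_info = array(
            "Freak1 | Tim Glabisch | hide@address.com",
            "0.2",
            PHP_VERSION,
        );

        // Unknown index: return null without raising an undefined-offset notice.
        return isset($sec_info[$str]) ? $sec_info[$str] : null;
    }

    /**
     * Guard for files that are meant to be included, not requested directly.
     *
     * @param string $file Path of the include file (typically __FILE__).
     * @param int    $str  0 (default): die() on direct access; any other value:
     *                     return false instead.
     * @return bool true when the file is not the requested script (or the
     *              config probe below succeeds), false on direct access.
     */
    function sec_included($file, $str=0)
    {
        // PHP_SELF carries any trailing path info supplied by the client, so
        // its basename is attacker-influenced and can make a direct request
        // look like an include. SCRIPT_FILENAME names the script that is
        // actually executing; PHP_SELF is kept only as a fallback.
        if (isset($_SERVER['SCRIPT_FILENAME'])) {
            $script = $_SERVER['SCRIPT_FILENAME'];
        } elseif (isset($_SERVER['PHP_SELF'])) {
            $script = $_SERVER['PHP_SELF'];
        } else {
            $script = "";
        }

        // NOTE(review): the guard only fires when ../../config.php (relative
        // to the current working directory) is NOT readable. The reason for
        // tying the check to that file is not visible here - confirm intent.
        if (basename($script) == basename($file) && !is_readable("../../config.php")) {
            if ($str == 0) {
                die("This File is just for an include!");
            }
            return false;
        }

        return true;
    }

    /**
     * Validate $_GET['id'] and, when register_globals is on, remove every
     * auto-registered request variable whose name is not on the allow-list.
     *
     * Removed variables are kept (raw) in $this->unsure.
     *
     * @return void
     */
    function sec_globals()
    {
        if (isset($_GET['id'])) {
            $id = $_GET['id'];
            // Check the raw value. Arrays (?id[]=x) are rejected outright, and
            // the value is no longer passed through htmlspecialchars() first:
            // that call can return "" for invalid input, which the old check
            // treated as "no id given" and let through.
            // NOTE(review): is_numeric() also accepts floats, exponents and
            // leading whitespace; if id must be an integer, ctype_digit() is
            // the stricter test.
            if (is_array($id) || ($id !== "" && !is_numeric($id))) {
                die("hacking attempt");
            }
        }

        // register_globals was removed in PHP 5.4; on later versions
        // ini_get() returns false and this whole branch is skipped.
        if (ini_get('register_globals')) {
            $legal = array("ssid","content","id","name","comment","captcha_input","addreview","username","PHPSESSID","search","submit","catid","file");
            if (is_array($this->add2legal) && $this->add2legal) {
                $legal = array_merge($legal, $this->add2legal);
            }

            // Names that must never be unset from the global scope, whatever
            // the request contains.
            $protected = array("GLOBALS","_GET","_POST","_COOKIE","_FILES","_SERVER","_ENV","_REQUEST","_SESSION","this");

            // NOTE(review): $_COOKIE is not scanned, although register_globals
            // registers cookie values too - confirm whether that is intended.
            $superglobals = array($_FILES, $_POST, $_GET);
            foreach ($superglobals as $superglobal) {
                foreach ($superglobal as $global => $value) {
                    $name = (string) $global;
                    if (in_array($name, $legal, true)) {
                        continue;
                    }
                    #echo "ERROR:".htmlspecialchars($global)."<br>";
                    $this->unsure[$global] = $value;
                    if (!in_array($name, $protected, true)) {
                        // unset($$global) only removed a (non-existent) local
                        // variable of this method; the registered variable
                        // lives in the global scope.
                        unset($GLOBALS[$name]);
                    }
                }
            }
        }
    }

    /**
     * Return an HTML-escaped copy of a variable rejected by sec_globals().
     *
     * @param string $str Variable name.
     * @return string|null Escaped value; null when the name is unknown or the
     *                     stored value is an array (e.g. a $_FILES entry).
     */
    function sec_globals_unsure($str)
    {
        if (!isset($this->unsure[$str]) || is_array($this->unsure[$str])) {
            return null;
        }

        // ENT_QUOTES is explicit so single quotes are escaped on every PHP
        // version (it only became the default in PHP 8.1).
        return htmlspecialchars((string) $this->unsure[$str], ENT_QUOTES);
    }

    /**
     * Resolve the download path requested through $_GET[$file].
     *
     * @param string $file Name of the GET parameter holding the path.
     * @return string|null The path when it names an existing regular file
     *                     that passes the checks below, otherwise null.
     */
    function sec_force_download_link($file="file")
    {
        if (!isset($_GET[$file]) || !is_string($_GET[$file])) {
            return null;
        }

        // Keep only what follows the last ".." in the (HTML-escaped) value.
        // NOTE(review): htmlspecialchars() is an HTML-output encoder, not a
        // path filter; it is kept because callers receive the escaped form.
        $exploded = explode("..", htmlspecialchars($_GET[$file]));
        $path = $exploded[count($exploded) - 1];

        if ($path === "" || strpos($path, "\0") !== false) {
            return null;
        }

        // Cutting at ".." leaves whatever followed it, which may be an
        // absolute path; a client can also send an absolute path or a
        // stream-wrapper URL directly. Only relative paths are accepted.
        if (preg_match('#^(?:[/\\\\]|[A-Za-z]:|[A-Za-z][A-Za-z0-9+.\-]*://)#', $path)) {
            return null;
        }

        // The old test, !substr(...) != ".php", negated the substring before
        // comparing and was therefore true for every path, so .php files were
        // served. Compare the extension itself, case-insensitively.
        // NOTE(review): this is a one-entry deny-list; an allow-list of
        // downloadable extensions inside a fixed directory would be safer.
        if (is_file($path) && strtolower(substr($path, -4)) != ".php") {
            return $path;
        }

        return null;
    }

    /**
     * Sanity-check the GET parameters of the mp3 player request: "speler"
     * must be numeric, "table_files" and "name" must be absent or empty.
     * Terminates the request with die() otherwise.
     *
     * @return void
     */
    function sec_mp3()
    {
        // A missing "speler" is still rejected, as before, but without an
        // undefined-index notice.
        if (!isset($_GET['speler']) || !is_numeric($_GET['speler'])) {
            die("hacking attempt1");
        }
        if (isset($_GET['table_files']) && $_GET['table_files'] !== "") {
            die("hacking attempt1");
        }
        if (isset($_GET['name']) && $_GET['name'] !== "") {
            die("hacking attempt2");
        }
    }
}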
?>