= 0; --$i) { $ret |= ord($res[$i]); } return !$ret; } } if(!isset($_SESSION['token']) || empty($token) || !hash_equals($_SESSION['token'], $token)) { log_and_die("Wrong token"); } } function check_domain() { if(isset($_POST['domain'])){ $validDomain = is_valid_domain_name($_POST['domain']); if(!$validDomain){ log_and_die($_POST['domain']. ' is not a valid domain'); } } } function list_verify($type) { global $pwhash, $wrongpassword; if(!isset($_POST['domain']) || !isset($_POST['list']) || !(isset($_POST['pw']) || isset($_POST['token']))) { log_and_die("Missing POST variables"); } if(isset($_POST['token'])) { check_cors(); check_csrf($_POST['token']); } elseif(isset($_POST['pw'])) { require("password.php"); if(strlen($pwhash) == 0) { log_and_die("No password set - ".$type."listing with password not supported"); } elseif($wrongpassword) { log_and_die("Wrong password - ".$type."listing of ${_POST['domain']} not permitted"); } } else { log_and_die("Not allowed!"); } check_domain(); } ?>