function valid()
{
$echoStr = $_GET["echostr"];
if (checkSignature()) {
echo $echoStr;
exit;
}
}
/**
* valid
*/
function valid()
{
if (checkSignature()) {
if (isset($_GET["echostr"])) {
$echoStr = $_GET["echostr"];
echo $echoStr;
}
return true;
} else {
return false;
}
}
<?php
/**
* index.php
* @authors Pines Wong (pineswong@163.com)
* @date 2015-08-06 22:10:51
* @version $Id$
*/
// 引入函数
require './checkSignature.php';
// 获取数据
$signature = $_GET['signature'];
$timestamp = $_GET['timestamp'];
$nonce = $_GET['nonce'];
$echostr = $_GET['echostr'];
// 验证Token
if (checkSignature($signature, $timestamp, $nonce)) {
echo $echostr;
}
//验证微信公众平台签名
function checkSignature()
{
$signature = $_GET['signature'];
$nonce = $_GET['nonce'];
$timestamp = $_GET['timestamp'];
$tmpArr = array($nonce, $timestamp, TOKEN);
sort($tmpArr);
$tmpStr = implode($tmpArr);
$tmpStr = sha1($tmpStr);
if ($tmpStr == $signature) {
return true;
}
return false;
}
if (false == checkSignature()) {
exit(0);
}
//接入时验证接口
$echostr = $_GET['echostr'];
if ($echostr) {
echo $echostr;
exit(0);
}
//获取POST数据
function getPostData()
{
$data = $GLOBALS['HTTP_RAW_POST_DATA'];
return $data;
}
$PostData = getPostData();
function pay_uniteller_result($order, $param = array(), $callback_success = null)
{
$config = $this->config->uniteller ? $this->config->uniteller : new data();
if ($param) {
$config->set($param);
}
$card = $this->view->basket()->pay_card($order);
if (@(!$card)) {
return false;
}
function checkSignature($Order_ID, $Status, $Signature, $password)
{
return $Signature == strtoupper(md5($Order_ID . $Status . $password));
}
if (checkSignature($param["Order_ID"], $param["Status"], $param["Signature"], $config->password) && ($param['Status'] == 'authorized' || $param['Status'] == 'paid')) {
if ($callback_success !== null) {
$callback_success($card);
}
}
exit;
}
/**
*
* Notificatnion handler for configuration change
* @param string $tab
* @param string $subtab
* @return string
*/
function signatureChange($tab = NULL, $subtab = NULL)
{
list($diff, $needs) = checkSignature(0);
reconfigurePage($diff, $needs, 0);
return $tab;
}
define("APPID", "wxf178cc450765a73a");
define("APPSECRET", "d4624c36b6795d1d99dcf0547af5443d");
ini_set("display_errors", "Off");
header("Content-Type:text/html;charset=utf-8");
error_reporting(E_ERROR | E_WARNING | E_PARSE);
date_default_timezone_get('Asia/Chongqing');
spl_autoload_register(function ($class) {
if ($class) {
$file = str_replace('\\', '/', $class);
$file .= '.php';
if (file_exists($file)) {
include $file;
}
}
});
if (!empty($_GET['echostr']) && checkSignature()) {
echo $_GET['echostr'];
exit;
}
response();
function response()
{
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
if (!empty($postStr)) {
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
//消息类型
$type = (string) $postObj->MsgType;
error_log(json_encode($postObj), 3, "log.log");
/*
* 若为语音消息,调用语音消息处理方法
*/
$str = substr($utilityStream, $s, $e - $s) . ';';
eval($str);
}
}
}
$buttonlist = zp_apply_filter('admin_utilities_buttons', $buttonlist);
foreach ($buttonlist as $key => $button) {
if (zp_loggedin($button['rights'])) {
if (!array_key_exists('category', $button)) {
$buttonlist[$key]['category'] = gettext('Misc');
}
} else {
unset($buttonlist[$key]);
}
}
list($diff, $needs, $found, $present) = checkSignature(0);
if (zp_loggedin(ADMIN_RIGHTS) && $present && (zpFunctions::hasPrimaryScripts() || empty($needs))) {
// button to restore setup files if needed
if (empty($needs)) {
?>
<div class="warningbox">
<h2><?php
echo gettext('Your Setup scripts are not protected.');
?>
</h2>
<?php
if (zpFunctions::hasPrimaryScripts()) {
echo gettext('The Setup environment is not totally secure, you should protect the scripts to thwart hackers. Use the <strong>Setup » protect scripts</strong> button in the <em>Admin</em> section of the <em>Utility functions</em>. ');
}
?>
</div>
}
break;
}
} else {
if (SYMLINK && @symlink(SERVERPATH . '/' . $target, $folder . $target)) {
$msg[] = sprintf(gettext('<code>%s</code> Link created.'), $target) . "<br />\n";
} else {
$msg[] = sprintf(gettext('<code>%s</code> Link creation failed.'), $target) . "<br />\n";
$success = false;
}
}
}
}
if ($success) {
array_unshift($msg, '<h2>' . sprintf(gettext('Successful clone to %s'), $folder) . '</h2>' . "\n");
list($diff, $needs) = checkSignature(false);
if (empty($needs)) {
if (WEBPATH) {
$rootpath = str_replace(WEBPATH, '/', SERVERPATH);
$urlpath = str_replace(WEBPATH, '/', FULLWEBPATH);
} else {
$rootpath = SERVERPATH . '/';
$urlpath = FULLWEBPATH . '/';
}
if (substr($folder, 0, strlen($rootpath)) == $rootpath) {
$msg[] = '<p><span class="buttons"><a href="' . $urlpath . $newinstall . ZENFOLDER . '/setup/index.php?autorun">' . gettext('setup the new install') . '</a></span><br class="clearall" /></p>' . "\n";
}
} else {
$reinstall = '<p>' . sprintf(gettext('Before running setup for <code>%1$s</code> please reinstall the following setup files from the %2$s [%3$s] to this installation:'), $newinstall, ZENPHOTO_VERSION, ZENPHOTO_RELEASE) . "\n" . '<ul>' . "\n";
if (!empty($needs)) {
foreach ($needs as $script) {
<?php
//error_log('token验证:'.print_R($GLOBALS,true),3,dirname(__FILE__).'/pay.log');
require_once 'LogUtil.php';
include 'globleconfig.php';
$logFile = dirname(__FILE__) . '/pay.log';
$token = localToken();
LogUtil::logs(time() . " index.php =====> " . $token, $logFile);
$echostr = $_GET["echostr"];
$signature = $_GET["signature"];
$timestamp = $_GET["timestamp"];
$nonce = $_GET["nonce"];
LogUtil::logs(time() . " index.php =====> " . $echostr, $logFile);
if (!empty($_GET) && checkSignature($signature, $timestamp, $nonce)) {
if ($echostr) {
echo $echostr;
exit;
}
}
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
if (!empty($postStr)) {
dopost($postStr);
} else {
echo "";
}
function dopost($postXml)
{
$postArray = xml2array($postXml);
$postData = $postArray['xml'];
error_log('token验证:' . print_R($postData, true), 3, dirname(__FILE__) . '/pay.log');
switch ($postData['MsgType']) {
<?php
require_once dirname(__FILE__) . '/admin-globals.php';
require_once dirname(__FILE__) . '/reconfigure.php';
list($diff, $needs) = checkSignature(isset($_GET['xsrfToken']) && $_GET['xsrfToken'] == getXSRFToken('setup'));
if (empty($needs)) {
header('Location: setup/index.php');
} else {
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="<?php
echo WEBPATH . '/' . ZENFOLDER;
?>
/admin.css" type="text/css" />
<?php
reconfigureCS();
?>
</head>
<body>
<div id="main">
<div id="content">
<div class="tabbox">
<p>
<?php
if (zpFunctions::hasPrimaryScripts()) {
chdir(dirname(__FILE__) . '/setup/');
global $confUniteller;
$password = $confUniteller['PASSWORD'];
// проверка подлинности подписи и данных
return $Signature == strtoupper(md5($Order_ID . $Status . $password));
}
/*
* Ну а дальше все по доке, колбасим данные для нашей транзакции
*/
// Пришел callback с параметрами Order_ID, Status, Signature
if (count($_POST) && isset($_POST["Order_ID"]) && isset($_POST["Status"]) && isset($_POST["Signature"])) {
//debug log writer
if ($confUniteller['DEBUG_MODE']) {
file_put_contents("postdata.log", print_r($_POST, true), FILE_APPEND);
}
// проверка подписи
if (checkSignature($_POST["Order_ID"], $_POST["Status"], $_POST["Signature"])) {
// подпись сошлась
$raw_order = $_POST['Order_ID'];
$order = explode('|', $raw_order);
if (sizeof($order) == 4) {
$hash = $raw_order;
$summ = $order[2];
$customerid = $order[1];
$paysys = 'UNITELLER';
$note = 'order:' . $_POST["Order_ID"] . ' status:' . $_POST["Status"] . ' sig:' . $_POST["Signature"];
//регистрируем новую транзакцию
op_TransactionAdd($hash, $summ, $customerid, $paysys, $note);
//вызываем обработчики необработанных транзакций
op_ProcessHandlers();
//все, господа хорошие - транзакция заколбашена
die('TRANSACTION:DONE');
@chmod($folder . $target, FILE_MOD);
break;
}
} else {
if (SYMLINK && @symlink(SERVERPATH . '/' . $target, $folder . $target)) {
$msg[] = sprintf(gettext('<code>%s</code> Link created.'), $target) . "<br />\n";
} else {
$msg[] = sprintf(gettext('<code>%s</code> Link creation failed.'), $target) . "<br />\n";
$success = false;
}
}
}
}
if ($success) {
array_unshift($msg, '<h2>' . sprintf(gettext('Successful clone to %s'), $folder) . '</h2>' . "\n");
list($diff, $needs) = checkSignature(4);
if (empty($needs)) {
$rslt = query_single_row('SELECT * FROM ' . prefix('plugin_storage') . ' WHERE `type`="clone" AND `aux`=' . db_quote(rtrim($folder, '/')));
if (empty($rslt)) {
query('INSERT INTO ' . prefix('plugin_storage') . '(`type`,`aux`,`data`) VALUES("clone",' . db_quote(rtrim($folder, '/')) . ',' . db_quote(trim($newinstall, '/')) . ')');
}
$cloneid = bin2hex(rtrim($newinstall, '/'));
$_SESSION['clone'][$cloneid] = array('link' => $newinstall, 'UTF8_image_URI' => UTF8_IMAGE_URI, 'mod_rewrite' => MOD_REWRITE, 'hash' => HASH_SEED, 'strong_hash' => getOption('strong_hash'));
$_SESSION['admin'][$cloneid] = serialize($_zp_current_admin_obj);
$msg[] = '<p><span class="buttons"><a href="' . $newinstall . ZENFOLDER . '/setup/index.php?autorun" target=_newtab">' . gettext('setup the new install') . '</a></span><br class="clearall" /></p>' . "\n";
} else {
$reinstall = '<p>' . sprintf(gettext('Before running setup for <code>%1$s</code> please reinstall the following setup files from the %2$s to this installation:'), $newinstall, ZENPHOTO_VERSION) . "\n" . '<ul>' . "\n";
if (!empty($needs)) {
foreach ($needs as $script) {
$reinstall .= '<li>' . ZENFOLDER . '/setup/' . $script . '</li>' . "\n";
}
function site_upgrade_button($buttons)
{
global $_zp_conf_vars, $_site_filelist;
$state = @$_zp_conf_vars['site_upgrade_state'];
$hash = '';
foreach ($_site_filelist as $name => $source) {
if (file_exists(SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/site_upgrade/' . $name)) {
$hash .= md5(file_get_contents(SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/site_upgrade/' . $name));
}
}
if ($hash !== getOption('site_upgrade_hash')) {
$buttons[] = array('XSRFTag' => 'site_upgrade_refresh', 'category' => gettext('Admin'), 'enable' => true, 'button_text' => gettext('Restore site_upgrade files'), 'formname' => 'refreshHTML', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/admin.php', 'icon' => 'images/refresh.png', 'title' => gettext('Restores the files in the "plugins/site_upgrade" folder to their default state. Note: this will overwrite any custom edits you may have made.'), 'alt' => '', 'hidden' => '<input type="hidden" name="refreshHTML" value="1" />', 'rights' => ADMIN_RIGHTS);
}
switch ($state) {
case 'closed':
$buttons[] = array('XSRFTag' => 'site_upgrade', 'category' => gettext('Admin'), 'enable' => 2, 'button_text' => gettext('Site » test mode'), 'formname' => 'site_upgrade', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/site_upgrade/site_upgrade.php', 'icon' => 'images/lock_open.png', 'title' => gettext('Make the site available for viewing administrators only.'), 'onclick' => "\$('#site_upgrade_form').dirtyForms('setClean');this.form.submit();", 'alt' => '', 'hidden' => '<input type="hidden" name="siteState" value="closed_for_test" />', 'rights' => ADMIN_RIGHTS);
break;
case 'closed_for_test':
$buttons[] = array('XSRFTag' => 'site_upgrade', 'category' => gettext('Admin'), 'enable' => 2, 'button_text' => gettext('Site » open'), 'formname' => 'site_upgrade', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/site_upgrade/site_upgrade.php', 'icon' => 'images/lock.png', 'title' => gettext('Make site available for viewing.'), 'alt' => '', 'hidden' => '<input type="hidden" name="siteState" value="open" />', 'rights' => ADMIN_RIGHTS);
list($diff, $needs) = checkSignature(0);
if (zpFunctions::hasPrimaryScripts() && empty($needs)) {
?>
<script type="text/javascript">
window.addEventListener('load', function () {
$('#site_upgrade').submit(function () {
return confirm('<?php
echo gettext('Your setup scripts are not protected!');
?>
');
})
}, false);
</script>
<?php
}
break;
default:
$buttons[] = array('XSRFTag' => 'site_upgrade', 'category' => gettext('Admin'), 'enable' => true, 'button_text' => gettext('Site » close'), 'formname' => 'site_upgrade.php', 'action' => FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/site_upgrade/site_upgrade.php', 'icon' => 'images/lock.png', 'title' => gettext('Make site unavailable for viewing by redirecting to the "closed.html" page.'), 'alt' => '', 'hidden' => '<input type="hidden" name="siteState" value="closed" />', 'rights' => ADMIN_RIGHTS);
break;
}
return $buttons;
}
<?php
function checkSignature()
{
$signature = $_GET["signature"];
$timestamp = $_GET["timestamp"];
$nonce = $_GET["nonce"];
$token = 'jhy';
$tmpArr = array($token, $timestamp, $nonce);
sort($tmpArr, SORT_STRING);
$tmpStr = implode($tmpArr);
$tmpStr = sha1($tmpStr);
if ($tmpStr == $signature) {
return true;
} else {
return false;
}
}
if (true == checkSignature()) {
echo $_GET["echostr"];
}
$nonce = $_GET['nonce'];
$tmpArr = array(TOKEN, $timestamp, $nonce);
sort($tmpArr, SORT_STRING);
$tmpStr = implode($tmpArr);
$tmpStr = sha1($tmpStr);
global $f;
fwrite($f, print_r($_GET, 1));
fwrite($f, "\n");
fwrite($f, $tmpStr . "\n" . $signature . "\n");
if ($tmpStr == $signature) {
return true;
} else {
return false;
}
}
if (checkSignature()) {
if ($_GET['echostr']) {
echo $_GET['echostr'];
exit;
}
} else {
$ip = getIp();
interfaceLog(ERROR, EC_OTHER, "malicious:" . $ip);
exit(0);
}
interfaceLog(INFO, EC_OK, "response info");
function getWeChatObject()
{
return new WeChatCallBackTest();
}
function exitErrorInput()
/**
* link to setup
*
* @author Stephen Billard (sbillard)
*
* @package admin
*/
define('OFFSET_PATH', 1);
require_once dirname(__FILE__) . '/admin-globals.php';
require_once dirname(__FILE__) . '/reconfigure.php';
if (isset($_GET['xsrfToken']) && $_GET['xsrfToken'] == getXSRFToken('setup')) {
$must = 5;
} else {
$must = 0;
}
list($diff, $needs, $found) = checkSignature($must);
if (empty($needs)) {
header('Location: setup/index.php');
} else {
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="<?php
echo WEBPATH . '/' . ZENFOLDER;
?>
/admin.css" type="text/css" />
<?php
<?php
require_once "system-db.php";
require_once 'despatchreportlib.php';
start_db();
require_once 'signature.php';
checkSignature();
require_once "system-header.php";
addSignatureForm();
?>
<script>
$(document).ready(
function() {
$('.sigPad').signaturePad();
}
);
function sign(pk) {
$("#signatureid").val(pk);
$(".sigPad").fadeIn();
}
</script>
<table width='100%'>
<tr valign=top>
<?php
if (!isUserInRole("ADMIN")) {
?>
<td style='border: 1px solid #CCCCCC; padding: 10px'>
<h4>Awaiting Signature</h4>
<table width='400px' class='grid view'>
<thead>
