Beispiel #1
/**
 * Dispatch a class reference to the loader that matches its name segments.
 *
 * getNames() splits the reference into segments. Nothing is loaded unless
 * checkRootNamespace() accepts them. A 'board' segment selects
 * loadBaseClass(), an 'apps' segment selects loadApp(), and anything else is
 * passed to findClass().
 *
 * @param mixed $classCall Class reference, handed unchanged to getNames().
 * @return void
 */
function load($classCall)
{
    $segments = getNames($classCall);

    // References outside the accepted root namespace are ignored silently.
    if (!checkRootNamespace($segments)) {
        return;
    }

    if (in_array('board', $segments)) {
        loadBaseClass(end($segments));
        return;
    }

    if (in_array('apps', $segments)) {
        // The last segment is the name to load; the full list decides the type.
        $appName = end($segments);
        loadApp($appName, getAppType($segments));
        return;
    }

    findClass($segments);
}
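/**
 * Append one bin/create_work invocation for the current job to the script
 * open on the global handle $f, then advance the global job counter.
 *
 * The emitted text is shell source, so every value placed in it is later
 * parsed by a shell. The application command line is quoted with
 * escapeshellarg(); the previous code only escaped double quotes, which left
 * `$`, backticks and backslashes inside a double-quoted word where the shell
 * still expands them.
 *
 * NOTE(review): $app, $wuname and the *_stamped file names are still written
 * unquoted. Confirm the caller restricts them to shell-safe characters.
 * NOTE(review): escapeshellarg() is locale-sensitive for non-ASCII bytes;
 * confirm LC_CTYPE if command lines can carry such bytes.
 *
 * @param array $params Job options; 'wordlist' and 'rules' are read here as
 *                      truthy flags, the whole array goes to createParameters().
 * @return void
 */
function writeJob($params)
{
    global $f, $app, $name, $tmpdir, $jobNum, $stamp, $cw, $wuname, $MAX_FPOPS_PER_JOB;
    global $johnpotfile_stamped, $passwordfile_john_stamped, $passwordfile_hashcat_stamped, $configfile_stamped, $rulesfile_stamped;
    global $wordlist_stamped;

    $wuname = sprintf("%s_%s_%d_%s", $name, $app, $jobNum, $stamp);

    // Parameters ==================================================
    // $fpops is handed to createParameters() and read back afterwards.
    $fpops = 0;
    $app_params = createParameters($app, $params, $fpops);

    // Single-quote the whole command line so the shell passes it through
    // verbatim instead of expanding `$`, backticks or backslashes in it.
    $createworkparams = "\t --command_line " . escapeshellarg($app_params) . " \\\n";

    // Read the option flags after createParameters() in case it adjusts them;
    // !empty() avoids an undefined-index notice when a key is absent.
    $hasWordlist = !empty($params['wordlist']);
    $hasRules = !empty($params['rules']);

    // Bound = 10x the estimate plus a start-up allowance (15 units for
    // cudahashcat+, 3 for everything else).
    $fpops_bound = $fpops * 10;
    if (getAppSubType() == "cudahashcat+") {
        $fpops_bound += 15 * ONESECOND_ON_A_FAST_MACHINE;
    } else {
        $fpops_bound += 3 * ONESECOND_ON_A_FAST_MACHINE;
    }

    $isJohn = $app == "john";
    $useRules = $hasRules && $hasWordlist && getAppType() == "hashcat";

    if ($useRules) {
        $template = "wordlist_rules";
    } elseif ($hasWordlist) {
        $template = "wordlist";
    } else {
        $template = "no-wordlist";
    }

    // Script ======================================================
    $cw = "";
    $cw .= "bin/create_work \\\n";
    $cw .= "\t --appname {$app} \\\n";
    $cw .= "\t --wu_name {$wuname} \\\n";
    $cw .= "\t --wu_template templates/{$app}_wu_{$template}.xml \\\n";
    $cw .= "\t --result_template templates/{$app}_result.xml \\\n";
    $cw .= "\t --rsc_fpops_est " . $fpops . " \\\n";
    $cw .= "\t --rsc_fpops_bound " . $fpops_bound . " \\\n";
    $cw .= "\t --rsc_memory_bound 131072000 \\\n"; // 125MB
    $cw .= $createworkparams;

    // Input files follow the options; the password file comes first.
    if ($isJohn) {
        $cw .= "\t {$passwordfile_john_stamped} \\\n";
    } elseif (getAppType() == "hashcat") {
        $cw .= "\t {$passwordfile_hashcat_stamped} \\\n";
    } else {
        die("WTF?");
    }
    if ($isJohn) {
        $cw .= "\t {$configfile_stamped} \\\n";
    }
    if ($hasWordlist) {
        $cw .= "\t {$wordlist_stamped} \\\n";
    }

    // The last line has no trailing backslash: it ends the shell command.
    if ($isJohn) {
        $cw .= "\t {$johnpotfile_stamped} \n";
    } elseif ($useRules) {
        $cw .= "\t {$rulesfile_stamped} \n";
    } elseif (getAppType() == "hashcat") {
        $cw .= "\t \n";
    } else {
        die("WTF?");
    }

    // Optional runtime estimate, written as a shell comment.
    if (isset($MAX_FPOPS_PER_JOB[$app]) && $MAX_FPOPS_PER_JOB[$app] > 0) {
        $maybetime = $fpops / $MAX_FPOPS_PER_JOB[$app];
        $cw .= "# Estimate: {$maybetime} hours on a c1.xlarge\n";
    }

    fwrite($f, $cw);
    $jobNum++;

    // Progress output: one dot per job, the running count every tenth job.
    echo ".";
    if ($jobNum % 10 == 0) {
        echo $jobNum . "\n";
    }
}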
Beispiel #3
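 /**
  * Insert a row describing the incoming request into ApiLog and remember the
  * value returned by execOne() in $this->id. Also stamps $this->startTm.
  *
  * Missing session keys and request headers are now read through
  * isset()/empty() guards instead of raising notices, and the body length is
  * cast to int before it is added to the request size.
  *
  * NOTE(review): the exported $_GET data and the request body ($_POST or the
  * raw php://input text) are stored in the log row via myVarExport(..., 2000).
  * Confirm that credentials such as password parameters are redacted before
  * they reach ApiLog.
  *
  * @return void
  */
 function logBefore()
 {
     $this->startTm = microtime(true);
     global $APP;

     // Choose the session key that carries the caller's id for this app type.
     $type = getAppType();
     $sessionKey = null;
     if ($type == "user") {
         $sessionKey = "uid";
     } elseif ($type == "emp" || $type == "store") {
         $sessionKey = "empId";
     } elseif ($type == "admin") {
         $sessionKey = "adminId";
     }
     $userId = ($sessionKey !== null && isset($_SESSION[$sessionKey])) ? $_SESSION[$sessionKey] : null;

     // $userId is placed in the SQL text without quoting, so anything that is
     // not an int or an all-digit string is replaced by the literal NULL.
     if (!(is_int($userId) || (is_string($userId) && ctype_digit($userId)))) {
         $userId = 'NULL';
     }

     $content = $this->myVarExport($_GET, 2000);

     // NOTE(review): some SAPIs expose this header as CONTENT_TYPE rather than
     // HTTP_CONTENT_TYPE. Confirm which one this deployment sets.
     $ct = isset($_SERVER["HTTP_CONTENT_TYPE"]) ? $_SERVER["HTTP_CONTENT_TYPE"] : "";
     if (!preg_match('/x-www-form-urlencoded|form-data/i', $ct)) {
         // Not a form post: log the raw request body.
         $post = file_get_contents("php://input");
         $content2 = $this->myVarExport($post, 2000);
     } else {
         $content2 = $this->myVarExport($_POST, 2000);
     }
     if ($content2 != "") {
         $content .= ";\n" . $content2;
     }

     $remoteAddr = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

     // The declared body length is client-supplied; cast it so $reqsz is always
     // an integer when it is interpolated into the statement below.
     $bodyLen = 0;
     if (!empty($_SERVER["HTTP_CONTENT_LENGTH"])) {
         $bodyLen = $_SERVER["HTTP_CONTENT_LENGTH"];
     } elseif (!empty($_SERVER["CONTENT_LENGTH"])) {
         $bodyLen = $_SERVER["CONTENT_LENGTH"];
     }
     $uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
     $reqsz = strlen($uri) + (int) $bodyLen;

     $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null;
     $ver = getClientVersion();

     // Client-controlled strings (address, user agent, request content) go
     // through Q(); only $userId and $reqsz are embedded directly.
     $sql = sprintf("INSERT INTO ApiLog (tm, addr, ua, app, ses, userId, ac, req, reqsz, ver) VALUES ('%s', %s, %s, %s, %s, {$userId}, %s, %s, {$reqsz}, %s)", date(FMT_DT), Q($remoteAddr), Q($ua), Q($APP), Q(session_id()), Q($this->ac), Q($content), Q($ver["str"]));
     $this->id = execOne($sql, true);
 }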
Beispiel #4
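/**
 * Change the password of the logged-in user or employee.
 *
 * The caller is authenticated with checkAuth() for its app type. When the
 * "oldpwd" parameter is supplied it is verified against the stored hash
 * before the new password is set. App types other than "user" and "emp" are
 * now rejected up front; before, they skipped checkAuth() and ran on with
 * $uid, $sql and $rv undefined.
 *
 * NOTE(review): $code is read from the request but never checked in this
 * function. If mparam() accepts "code" as an alternative to "oldpwd", that
 * path changes the password with only the session as proof. Confirm the code
 * is validated elsewhere.
 * NOTE(review): the lookup by pwd=hashPwd(...) implies hashPwd() is
 * deterministic (no per-account salt). Confirm the algorithm.
 * NOTE(review): addToPwdTable() receives the new password in plaintext.
 * Confirm what it stores.
 *
 * @return mixed Result of setUserPwd() or setEmployeePwd().
 * @throws MyException E_AUTHFAIL when the old password does not match or the
 *                     app type is not supported.
 */
function api_chpwd()
{
    $type = getAppType();
    if ($type == "user") {
        checkAuth(AUTH_USER, true);
        $uid = $_SESSION["uid"];
    } elseif ($type == "emp") {
        checkAuth(AUTH_EMP, true);
        $uid = $_SESSION["empId"];
    } else {
        // Fail closed: no auth check exists for other app types. E_AUTHFAIL is
        // the only error code visible here; use a more specific one if the
        // project defines it.
        throw new MyException(E_AUTHFAIL, "unsupported app type", "unsupported app type");
    }

    $pwd = mparam("pwd");
    list($oldpwd, $code) = mparam(["oldpwd", "code"]);

    if (isset($oldpwd)) {
        # validate oldpwd
        if ($type == "user" && $oldpwd === "_none") {
            // "_none" means: skip the old-password check, but only for a user
            // account created within the last hour.
            $dt = date(FMT_DT, time() - T_HOUR);
            // Pass the timestamp as an argument so it is never parsed as part
            // of the sprintf() format string.
            $sql = sprintf("SELECT id FROM User WHERE id=%d and createTm>'%s'", $uid, $dt);
        } elseif ($type == "user") {
            $sql = sprintf("SELECT id FROM User WHERE id=%d and pwd=%s", $uid, Q(hashPwd($oldpwd)));
        } else {
            $sql = sprintf("SELECT id FROM Employee WHERE id=%d and pwd=%s", $uid, Q(hashPwd($oldpwd)));
        }
        $row = queryOne($sql);
        if ($row === false) {
            throw new MyException(E_AUTHFAIL, "bad password", "密码验证失败");
        }
    }

    # change password
    if ($type == "user") {
        $rv = setUserPwd($uid, $pwd, true);
    } else {
        $rv = setEmployeePwd($uid, $pwd, true);
    }
    addToPwdTable($pwd);
    return $rv;
}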