if (time() - $t > 86400) { error_page("Link has expired;\r\n\t\t\tgo <a href=get_passwd.php>here</a> to\r\n\t\t\tget a new login link by email."); } send_cookie('auth', $user->authenticator, true); Header("Location: home.php"); exit; } // check for account key case. // see if key is in URL; if not then check for POST data // $authenticator = get_str("key", true); if (!$authenticator) { $authenticator = post_str("authenticator", true); } if (!$authenticator) { error_page("You must supply an account key"); } if (substr($user->authenticator, 0, 1) == 'x') { //User has been bad so we are going to take away ability to post for awhile. error_page("This account has been administratively disabled."); } $user = lookup_user_auth($authenticator); if (!$user) { page_head("Login failed"); echo "There is no account with that authenticator.\r\n\t\tPlease <a href=get_passwd.php>try again</a>.\r\n\t"; page_tail(); } else { Header("Location: {$next_url}"); $perm = $_POST['stay_logged_in']; send_cookie('auth', $authenticator, $perm); }
} if (!is_valid_country($country)) { echo "bad country"; exit; } $postal_code = ''; $user = make_user($new_email_addr, $new_name, $passwd_hash, $country, $postal_code, $project_prefs = "", $teamid = 0); if (!$user) { show_error("Couldn't create account"); } if (defined('INVITE_CODES')) { error_log("Account '{$new_email_addr}' created using invitation code '{$invite_code}'"); } } // Log-in user in the web // In success case, redirect to a fixed page so that user can // return to it without getting "Repost form data" stuff $next_url = post_str('next_url', true); $next_url = sanitize_local_url($next_url); if ($next_url) { Header("Location: " . URL_BASE . "{$next_url}"); } else { Header("Location: " . URL_BASE . "home.php"); send_cookie('init', "1", true); send_cookie('via_web', "1", true); } send_cookie('auth', $user->authenticator, true); } } catch (ErrorException $e) { echo $e->getMessage(); }
/**
 * Log a user in via LDAP: verify the credentials with ldap_auth(), look up
 * (or create on first login) the matching local account, then emit the
 * redirect and the 'auth' cookie.
 *
 * $uid and $passwd are passed straight to ldap_auth(); $next_url is appended
 * verbatim to url_base(); $perm is forwarded as send_cookie()'s third argument.
 * The early exits rely on error_page() not returning (presumably it terminates
 * the request; confirm in util.inc).
 */
function login_with_ldap($uid, $passwd, $next_url, $perm) {
    list($ldap_user, $error_msg) = ldap_auth($uid, $passwd);
    if ($error_msg) {
        error_page($error_msg);
    }

    $email = ldap_email_string($uid);
    $user = BoincUser::lookup_email_addr($email);
    if (!$user) {
        // LDAP accepted the credentials but there is no local record yet:
        // create it, and give up if that fails too.
        $user = make_user_ldap($email, $ldap_user->name);
        if (!$user) {
            error_page("Couldn't create user");
        }
    }

    // NOTE(review): $next_url is not validated in this function. Because it is
    // concatenated onto url_base(), the redirect stays on this site only if the
    // base ends in "/" and the caller has already restricted $next_url to a
    // local path; confirm both at the call site.
    $target = url_base() . $next_url;
    Header("Location: " . $target);
    send_cookie('auth', $user->authenticator, $perm);
}
// get the sort style either from the logged in user or a cookie if ($user) { $sort_style = $user->prefs->forum_sorting; } else { if (isset($_COOKIE['sorting'])) { list($sort_style, $thread_style) = explode("|", $_COOKIE['sorting']); } } } else { // set the sort style if ($user) { $user->prefs->forum_sorting = $sort_style; $user->prefs->update("forum_sorting={$sort_style}"); } else { list($old_style, $thread_style) = explode("|", $_COOKIE['sorting']); send_cookie('sorting', implode("|", array($sort_style, $thread_style)), true); } } switch ($forum->parent_type) { case 0: $category = BoincCategory::lookup_id($forum->category); if ($category->is_helpdesk) { page_head(tra("Questions and Answers") . ' : ' . $forum->title); ?> <link href="forum_help_desk.php" rel="up" title="Forum Index"><?php } else { page_head(tra("Message boards") . ' : ' . $forum->title); ?> <link href="forum_index.php" rel="up" title="Forum Index"><?php } show_forum_header($user);
// along with BOINC. If not, see <http://www.gnu.org/licenses/>. // // This file was modified by contributors of "BOINC Web Tweak" project. require_once "../inc/util.inc"; require_once "../inc/translation.inc"; $languages = getSupportedLanguages(); if (!is_array($languages)) { error_page("Language selection not enabled. Project admins must run the update_translations.php script."); } $prefs = $_SERVER["HTTP_ACCEPT_LANGUAGE"]; $set_lang = get_str("set_lang", true); if ($set_lang) { if (!in_array($set_lang, $languages) && $set_lang != "auto") { error_page("Language not supported"); } else { send_cookie('lang', $set_lang, true); header("Location: index.php"); exit; } } page_head("Language selection"); ?> <p> This web site is available in several languages. The currently selected language is: <em><?php echo tra("LANG_NAME_INTERNATIONAL"); ?> </em> (<?php echo tra("LANG_NAME_NATIVE"); ?> ).
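require_once "../inc/util.inc";
require_once "../inc/email.inc";

// Account-finish handler: takes the authenticator plus profile fields from the
// POSTed form, validates them, stores them on the matching user row, then
// redirects to team_search.php and sets the login cookies.

$auth = post_str("auth");
$name = post_str("name");
if (strlen($name) == 0) {
    error_page("You must supply a name for your account");
}
// Fixed: this check used to read the undefined variable $new_name, so it
// compared null with an empty string and never fired. Names containing markup
// were therefore accepted and stored. It now tests the submitted $name.
if ($name != strip_tags($name)) {
    error_page("HTML tags not allowed in name");
}
$country = post_str("country");
if (!is_valid_country($country)) {
    error_page("invalid country");
}

// Escape every value exactly once before it is interpolated into SQL.
// Fixed: postal_code was escaped twice, which stores literal backslashes for
// any input containing a quote or backslash.
$country = BoincDb::escape_string($country);
$postal_code = BoincDb::escape_string(strip_tags(post_str("postal_code", true)));
$auth = BoincDb::escape_string($auth);
$name = BoincDb::escape_string($name);

// The authenticator is the only credential checked here: whoever presents a
// valid one may rewrite that account's name, country and postal code.
$user = BoincUser::lookup("authenticator='{$auth}'");
if (!$user) {
    error_page("no such user");
}
$retval = $user->update("name='{$name}', country='{$country}', postal_code='{$postal_code}'");
if (!$retval) {
    error_page("database error");
}

Header("Location: team_search.php");
// NOTE(review): the cookie carries the SQL-escaped copy of the authenticator;
// that equals the submitted value only when it contains no characters that
// escape_string() rewrites.
send_cookie('auth', $auth, true);
send_cookie('init', "1", true);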
} echo proc_tpl('editusers/user', array('CSRF' => $CSRF, 'user_arr[2]' => $user_arr[2], 'user_arr[4]' => $user_arr[4], 'user_arr[5]' => $user_arr[5], 'user_arr[6]' => $user_arr[6], 'user_date' => date("r", $user_arr[0]), 'edit_level' => $edit_level, 'last_login' => empty($user_arr[UDB_LAST]) ? lang('never') : date('r', $user_arr[UDB_LAST]), 'id' => $id)); } elseif ($action == "doedituser") { CSRFCheck(); list($id, $editemail, $editpassword, $editlevel) = GET('id,editemail,editpassword,editlevel'); if (empty($id)) { die(lang("This is not a valid user")); } if (false === ($the_user = user_search($id))) { die(lang("This is not a valid user")); } if (check_email($editemail) == false) { die(lang("Invalid email")); } // In case if email already exists, and email not eq. --> error $find_email = user_search($editemail, 'email'); if ($find_email && $find_email[UDB_EMAIL] != $the_user[UDB_EMAIL]) { die(lang("User with this email already exists")); } // Change password if present if (!empty($editpassword)) { $hmet = hash_generate($editpassword); $the_user[UDB_PASS] = $hmet[count($hmet) - 1]; send_cookie(); } // Change user level anywhere $the_user[UDB_EMAIL] = $editemail; $the_user[UDB_ACL] = $editlevel; user_update($id, $the_user); echo proc_tpl('editusers/doedituser/saved'); }
} } $title = cleanup_title($thread->title); if ($temp_sort_style) { $sort_style = $temp_sort_style; } else { if ($sort_style) { $forum_style = 0; // this is deprecated if ($logged_in_user) { $logged_in_user->prefs->thread_sorting = $sort_style; $logged_in_user->prefs->update("thread_sorting={$sort_style}"); } else { list($forum_style, $old_style) = parse_forum_cookie(); } send_cookie('sorting', implode("|", array($forum_style, $sort_style)), true); } else { // get the sorting style from the user or a cookie if ($logged_in_user) { $sort_style = $logged_in_user->prefs->thread_sorting; } else { list($forum_style, $sort_style) = parse_forum_cookie(); } } } page_head($title, 'jumpToUnread();'); $is_subscribed = $logged_in_user && BoincSubscription::lookup($logged_in_user->id, $thread->id); show_forum_header($logged_in_user); echo "<p>"; switch ($forum->parent_type) { case 0:
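// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

$skip_auth_ops = true;

require_once "../inc/boinc_db.inc";
require_once "../inc/util_ops.inc";
require_once "../inc/email.inc";
require_once "../inc/user.inc";

// check for email/password case
//
$email_addr = strtolower(post_str("email_addr", true));
$passwd = stripslashes(post_str("passwd", true));

if ($email_addr && $passwd) {
    $user = BoincUser::lookup_email_addr($email_addr);
    if (!$user) {
        // NOTE(review): this message differs from "Login failed", so it tells
        // the client whether an address is registered, and it echoes the
        // submitted address back. Confirm that error_page() HTML-escapes its
        // argument.
        error_page("No account found with email address {$email_addr}");
    }

    // The stored hash is md5(password . email), an unsalted fast hash.
    // Changing the scheme needs a migration, so only the comparison is
    // hardened here.
    $passwd_hash = md5($passwd . $email_addr);
    $stored_hash = (string) $user->passwd_hash;
    // Fixed: the loose "!=" treats two hex digests that both look like
    // numbers (for example "0e..." followed by digits) as equal. Compare as
    // strings, in constant time where hash_equals() is available.
    $hash_ok = function_exists('hash_equals')
        ? hash_equals($stored_hash, $passwd_hash)
        : ($stored_hash === $passwd_hash);
    if (!$hash_ok) {
        error_page("Login failed");
    }
    $authenticator = $user->authenticator;

    // Fixed: next_url came straight from the POST body into the Location
    // header, so a crafted login form could send the user to another site
    // after a successful login. Only same-site relative targets are accepted;
    // anything with a scheme, a leading "//" or "\\" pair, or control
    // characters falls back to the default page.
    $next_url = isset($_POST["next_url"]) ? $_POST["next_url"] : "";
    $unsafe_target = !is_string($next_url)
        || preg_match('#^[\x00-\x20]*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $next_url)
        || preg_match('#[\x00-\x1f\x7f]#', $next_url);
    if ($unsafe_target || strlen($next_url) == 0) {
        $next_url = "index.php";
    }

    // An unchecked "stay logged in" box is simply absent from the POST data.
    $perm = isset($_POST['stay_logged_in']) ? $_POST['stay_logged_in'] : null;
    send_cookie('auth', $authenticator, $perm, true);
    Header("Location: {$next_url}");
}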
/**
 * Log in to the local WordPress instance and return the path of the cookie
 * jar that holds the resulting session.
 *
 * Posts the login form via post_save_cookie(), then requests the admin page
 * with the saved cookies via send_cookie().
 *
 * NOTE(review): the account name and password are hard-coded below, so anyone
 * who can read this file or its version-control history has them. Load them
 * from configuration or the environment and rotate the password.
 * NOTE(review): the cookie jar is written next to this script. If that
 * directory is served by the web server, the session cookie can be downloaded;
 * keep the jar outside the document root with restrictive permissions.
 */
function wp_login() {
    $login_url = "http://127.0.0.1/blog/wp-login.php";
    $admin_url = "http://127.0.0.1/blog/wp-admin/";
    $cookie_jar = __DIR__ . '/cookie1.txt';

    // Same fields the wp-login.php form submits; all traffic is plain HTTP to
    // the loopback address.
    $form_fields = array(
        'log' => '18915874253',
        'pwd' => 'zxc2016&&**',
        'wp-submit' => '登录',
        'redirect_to' => 'http://127.0.0.1/blog/wp-admin/',
        'testcookie' => '1',
    );

    post_save_cookie($login_url, $cookie_jar, $form_fields);
    send_cookie($admin_url, $cookie_jar);

    return $cookie_jar;
}
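/**
 * Issue a new anti-CSRF token for the current session user.
 *
 * Appends a "timestamp|token|user" record to the token store under
 * SERVDIR/cdata, refreshes the session cookie via send_cookie(), and returns
 * the token (32 lowercase hex characters). When $config_csrf is 0 the check is
 * disabled and TRUE is returned without issuing anything.
 *
 * @return string|bool the token, or TRUE when CSRF protection is switched off
 */
function CSRFMake() {
    global $config_csrf, $_SESS;

    // CSRF checking disabled in configuration
    if ($config_csrf == 0) {
        return TRUE;
    }

    // Fixed: the token was md5() over mt_rand() output. mt_rand() is not a
    // cryptographic generator and its stream can be predicted from observed
    // values, so tokens were guessable. Use the system CSPRNG when the runtime
    // has it; the old construction remains only as a fallback for runtimes
    // without random_bytes().
    if (function_exists('random_bytes')) {
        $csrf = bin2hex(random_bytes(16));
    } else {
        $csrf = md5(mt_rand() . mt_rand() . mt_rand() . mt_rand());
    }

    // The user name is reduced to [a-z0-9_] so it cannot inject the "|"
    // separator or a newline into the record.
    $owner = isset($_SESS['user']) ? $_SESS['user'] : '';
    $record = time() . '|' . $csrf . '|' . preg_replace('/[^a-z0-9]/i', '_', $owner) . "\n";

    // Use storage for csrf
    $csrf_storage = SERVDIR . '/cdata/csrf.php';
    $a = fopen($csrf_storage, 'a+');
    if ($a === false) {
        // Without a stored record the token can never validate; report it
        // instead of passing false to fwrite().
        trigger_error('CSRFMake: cannot open CSRF token storage', E_USER_WARNING);
    } else {
        // Exclusive lock keeps concurrent requests from interleaving records.
        flock($a, LOCK_EX);
        fwrite($a, $record);
        flock($a, LOCK_UN);
        fclose($a);
    }

    send_cookie(); // Set new CSRF by session

    return $csrf;
}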
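/**
 * Create an anti-CSRF token, store it in the session under $Name, refresh the
 * session cookie via send_cookie(), and return the token.
 *
 * @param string $Name session key the token is stored under
 * @return string token of 32 lowercase hex characters
 */
function CSRFMake($Name = 'U:CSRF') {
    global $_SESS;

    // Fixed: the token was md5() over two mt_rand() values. mt_rand() is not a
    // cryptographic generator, so the token was predictable. Draw it from the
    // system CSPRNG when available; the old construction is kept only for
    // runtimes without random_bytes().
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } else {
        $token = md5(mt_rand() . mt_rand());
    }

    $_SESS[$Name] = $token;
    send_cookie();

    return $_SESS[$Name];
}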
/**
 * Produce a captcha challenge and remember the expected answer in the session
 * under $this->session_var.
 *
 * With GD available the challenge text is drawn, distorted and written out as
 * an image. Without GD the method falls back to an HTML page.
 */
function CreateImage() {
    global $_SESS;

    $started_at = microtime(true);

    if (!function_exists('imagecreatetruecolor')) {
        // GD is not installed.
        // NOTE(review): this fallback prints the expected answer as plain
        // text, so on such a host the captcha gives no protection against
        // automated submissions.
        list($text, $reply) = $this->GetCaptchaText();
        $_SESS[$this->session_var] = $reply;
        send_cookie();
        echo '<html><body style="font-size: 42px; font-family: Arial, Tahoma, Serif;">' . $reply . '</body></html>';
        return;
    }

    // Canvas setup
    $this->ImageAllocate();

    // Draw the challenge text in a randomly chosen font
    list($text, $reply) = $this->GetCaptchaText();
    $font_index = array_rand($this->fonts);
    $fontcfg = $this->fonts[$font_index];
    $this->WriteText($text, $fontcfg);

    // The answer is stored before any image bytes are produced
    $_SESS[$this->session_var] = $reply;
    send_cookie();

    // Distortions
    $this->WaveImage();
    $can_blur = $this->blur && function_exists('imagefilter');
    if ($can_blur) {
        imagefilter($this->im, IMG_FILTER_GAUSSIAN_BLUR);
    }
    $this->ReduceImage();

    if ($this->debug) {
        // Debug overlay: challenge text, font name and render time.
        // NOTE(review): it writes the challenge text in clear on the image;
        // keep debug off in production.
        imagestring($this->im, 1, 1, $this->height - 8, "{$text} {$fontcfg['font']} " . round((microtime(true) - $started_at) * 1000) . "ms", $this->GdFgColor);
    }

    // Emit the image and release it
    $this->WriteImage();
    $this->Cleanup();
}