Ejemplo n.º 1
<?php

include 'inc/auth.php';
include 'inc/api.php';
include 'inc/aes.php';
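// Stop right after the redirect. header() only adds a response header, so
// without the exit the rest of this page would still be built and sent to a
// visitor who failed the $auth check.
if (!$auth) {
    header("location: index.php");
    exit;
}
// NOTE(review): the second argument is a literal stored in the page source.
// If fnDecrypt() uses it as the key, anyone who can read this file can
// recover $_SESSION['key']; load it from configuration kept outside the web
// root instead, and replace this value once it has been exposed.
$key = fnDecrypt($_SESSION['key'], "39ebb8b644e3de68e4801eaf9ba");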
?>
<!DOCTYPE html>
	<head>
		<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
		<title>Wallet</title>
		<link rel="stylesheet" href="css/960.css" type="text/css" media="screen" charset="utf-8" />
		<link rel="stylesheet" href="css/template.css" type="text/css" media="screen" charset="utf-8" />
		<link rel="stylesheet" href="css/colour.css" type="text/css" media="screen" charset="utf-8" />
		<!--[if IE]><![if gte IE 6]><![endif]-->
		<script src="js/glow/1.7.7/core/core.js" type="text/javascript"></script>
		<script src="js/glow/1.7.7/widgets/widgets.js" type="text/javascript"></script>
		<link href="js/glow/1.7.7/widgets/widgets.css" type="text/css" rel="stylesheet" />
		<script type="text/javascript">
			glow.ready(function(){
				new glow.widgets.Sortable(
					'#content .grid_5, #content .grid_6',
					{
						draggableOptions : {
							handle : 'h2'
						}
					}
				);
Ejemplo n.º 2
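 // Validate the request's check code. $chma_flag stays 1 only while every
 // check passes; $chma_str holds the reason for the first failure.
 $chma_flag = 1;
 if (!$chma) {
     // No check key is available for this request.
     $chma_str = 'error_查無檢核碼!';
     $chma_flag = 0;
 }
 if ($chma_flag && (!$ch_code || !$od_sob)) {
     // A required parameter is missing.
     $chma_str = 'error_必要參數不足!';
     $chma_flag = 0;
 }
 // Decode and decrypt the check code.
 if ($chma_flag) {
     // Undo the URL-safe substitutions: '=' is sent as 'X12x38x' because a
     // raw '=' would cut the GET data short, and '+' arrives as '_' or as a
     // space.
     $ch_code = str_replace('X12x38x', '=', $ch_code);
     $ch_code = str_replace('_', '+', $ch_code);
     $ch_code = str_replace(' ', '+', $ch_code);
     $ch_code = fnDecrypt($ch_code, $chma, $ap_IV);
     // Expected plaintext: "<unix time>***<od_sob>".
     // NOTE(review): no integrity check on the ciphertext is visible here;
     // confirm that fnDecrypt() rejects tampered input.
     $ch_codeRT = explode("***", $ch_code);
     if (count($ch_codeRT) < 2 || !ctype_digit((string) $ch_codeRT[0])) {
         // A payload that does not have the expected shape can never match,
         // so fail it here instead of doing arithmetic on a non-numeric field.
         $chma_str = 'error_驗證檢核內容比對失敗!';
         $chma_flag = 0;
     } else {
         $ch_time = time() - (int) $ch_codeRT[0];
         // Valid for 20 seconds. A timestamp further in the future than the
         // same tolerance is rejected too; otherwise it would never expire.
         if ($ch_time > 20 || $ch_time < -20) {
             $chma_str = 'error_驗證檢核碼已經逾時!';
             $chma_flag = 0;
         }
     }
 }
 // Strict string comparison: loose != treats numeric-looking strings such as
 // "1e3" and "1000" as equal. hash_equals() (PHP >= 5.6) would additionally
 // make the comparison constant-time.
 if ($chma_flag && (string) $ch_codeRT[1] !== (string) $od_sob) {
     $chma_str = 'error_驗證檢核內容比對失敗!';
     $chma_flag = 0;
 }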
 if (!$chma_flag) {
     @setlog($set_type, $client, $chma_str, $uip, $t1);
Ejemplo n.º 3
    }
}
// Build the check token "<unix time>***<od_sob>" and encrypt it with the
// check key and IV.
$od_sob = fnEncrypt(time() . '***' . $od_sob, $chma, $ap_IV);
// Make the ciphertext safe to carry in a GET parameter: '+' becomes '_' and
// '=' becomes 'X12x38x', because a raw '=' would cut the GET data short.
$od_sob = str_replace(array('+', '='), array('_', 'X12x38x'), $od_sob);
//$od_sob = urlencode($od_sob);
echo $od_sob;
exit;
//======================================================================
// Everything below is an inactive note: it is never reached because of the
// exit above. It shows the reverse direction (restore '+' and decrypt).
echo '<br>';
$od_sob = fnDecrypt(str_replace(' ', '+', $od_sob), $chma, $ap_IV);
echo $od_sob;
exit;
//============取值得範例
function GetCode_curl($url, $post)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    //curl_setopt($ch, CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
Ejemplo n.º 4
 } else {
     if ($_GET['t'] == 4) {
         echo CheckEmailAddress($_GET['EmailAddress']);
     } else {
         if ($_GET['t'] == 5) {
             echo GetLatestFeed(json_decode($_GET['FeedBoard'], true));
             //BY: added json_decode
         } else {
             if ($_GET['t'] == 6) {
                 for ($i = 0; $i < sizeof($addedTags); $i++) {
                     echo $addedTags[$i] . " ";
                 }
                 echo DBSavePost(-1, $_GET['pinned'], $_GET['bName'], $_GET['title'], $_GET['content'], $_GET['UserID'], $_GET['addedTags'], $_GET['deletedTags']);
             } else {
                 if ($_GET['t'] == 7) {
                     echo EnableUser(fnDecrypt($_GET['c']));
                 } else {
                     if ($_GET['t'] == 8) {
                         if ($_GET['c'] == "signup") {
                             FacebookSignUp($_GET['url']);
                         } else {
                             if ($_GET['c'] == "login") {
                                 FacebookLogin($_GET['url']);
                             }
                         }
                     } else {
                         if ($_GET['t'] == 9) {
                             echo FacebookUrl($_GET['c'], $_GET['url']);
                             // c = "login" or "signup"
                         } else {
                             if ($_GET['t'] == 'special') {
Ejemplo n.º 5
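/**
 * Authenticates a REST request from its HTTP headers.
 *
 * The user named in the 'Pxp-User' header is looked up, the stored password
 * value is used as the key to decrypt the credential header, and the
 * decrypted text must be "<something>$$<user or stored password value>".
 * On success ACTAuten::verificarCredenciales() is called; on any failure a
 * JSON error is printed with status 401 and the script exits.
 *
 * Security notes:
 * - The stored password value is both the decryption key and one of the
 *   accepted plaintext fields, so whoever holds that stored value can build
 *   a valid request. It has to be protected like the password itself.
 * - The original comment describes the stored value as an MD5 hash.
 *   Comparisons are strict (===) because loose == treats two different
 *   "0e<digits>" hex strings as equal numbers. hash_equals() (PHP >= 5.6)
 *   would additionally make them constant-time.
 *
 * @param array $headersArray Request headers; reads 'Pxp-User',
 *                            'Php-Auth-User' and 'Php-Auth-Pw'.
 * @return void
 */
function authPxp($headersArray)
{
    $_SESSION["_SESION"] = new CTSesion();
    $_SESSION["_tipo_aute"] = 'REST';
    $mensaje = '';

    // Look up the user named in the Pxp-User header.
    $objParam = new CTParametro('', null, null, '../../sis_seguridad/control/Usuario/listarUsuario');
    $objParam->addParametro('usuario', $headersArray['Pxp-User']);
    include_once dirname(__FILE__) . '/../../../sis_seguridad/modelo/MODUsuario.php';
    $objFunSeguridad = new MODUsuario($objParam);
    $res = $objFunSeguridad->listarUsuarioSeguridad($objParam);

    // Stored password value of that user (MD5 according to the original comment).
    $md5Pass = $res->datos['contrasena'];
    if ($md5Pass == '') {
        $mensaje = "El Usuario no esta registrado en el sistema";
    }
    if ($mensaje == '' && !extension_loaded('mcrypt')) {
        $mensaje = 'El modulo mcrypt no esta instalado en el servidor. No es posible utilizar REST en este momento';
    }

    // Only attempt the credential check when the lookup succeeded. Before,
    // an unknown user still reached fnDecrypt() with an empty key, and an
    // empty decrypted field compared equal to the empty stored value.
    if ($mensaje == '') {
        $usuario = (string) $headersArray['Pxp-User'];
        if ($usuario === (string) $headersArray['Php-Auth-User']) {
            // The user name was sent in clear; the encrypted part is the password header.
            $cifrado = $headersArray['Php-Auth-Pw'];
        } else {
            // User name and password were sent encrypted in the user header.
            $cifrado = $headersArray['Php-Auth-User'];
        }
        $auxArray = explode('$$', fnDecrypt($cifrado, $md5Pass));

        $coincide = count($auxArray) === 2
            && ((string) $auxArray[1] === $usuario || (string) $auxArray[1] === (string) $md5Pass);

        if ($coincide) {
            // Build the request for the regular credential check.
            $reqArray = array();
            $reqArray['usuario'] = $headersArray['Pxp-User'];
            $reqArray['contrasena'] = $md5Pass;
            $reqArray['_tipo'] = 'restAuten';
            $JSON = json_encode($reqArray);
            $objParam = new CTParametro($JSON, null, null, '../../sis_seguridad/control/Auten/verificarCredenciales');
            include_once dirname(__FILE__) . '/../../../sis_seguridad/control/ACTAuten.php';
            // The class and method are fixed, so they are called directly;
            // eval() on a constant string added nothing but an eval() call.
            $cad = new ACTAuten($objParam);
            $cad->verificarCredenciales();
        } else {
            $mensaje = "Contrasena invalida para el usuario : " . $headersArray['Pxp-User'];
        }
    }

    if ($mensaje != '') {
        $men = new Mensaje();
        $men->setMensaje('ERROR', 'pxp/lib/rest/index.php Linea: 131', $mensaje, 'Codigo de error: AUTEN', 'control', '', '', 'OTRO', '');
        //rac 21092011
        $men->imprimirRespuesta($men->generarJson(), '401');
        exit;
    }
}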
Ejemplo n.º 6
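/**
 * Handles a password-reset link: decrypts the token, checks its age and
 * redirects to the reset form.
 *
 * The decrypted token is expected to be "<email>~<timestamp>". A token that
 * does not have that shape, or whose timestamp is more than 86400 seconds
 * older than getTime(), is treated as expired.
 *
 * Nothing is printed before the redirect: the earlier debug echo of the
 * timestamps sent output ahead of header(), which stops the Location header
 * from being sent unless output buffering is on, and showed token internals
 * to the visitor.
 *
 * NOTE(review): the function does not exit after header(); the caller has to
 * stop processing itself. Confirm also that fnDecrypt() rejects tampered
 * tokens, since the e-mail placed in the session comes straight from the
 * decrypted text.
 *
 * @param string $token Encrypted reset token taken from the link.
 * @return void Sets $_SESSION['ForgotPasswordToken'] (and
 *              $_SESSION['ForgottenEmail'] for a valid token) and sends a
 *              Location header.
 */
function UpdatePassword($token)
{
    // explode() replaces split(), which was removed from PHP; the separator
    // is a plain character, so no regular expression is needed.
    $tokens = explode("~", (string) fnDecrypt($token));
    $email = $tokens[0];
    $timestamp = isset($tokens[1]) ? $tokens[1] : '';
    $currentTime = getTime();

    $expired = $email === ''
        || !is_numeric($timestamp)
        || $currentTime - $timestamp > 86400;

    if ($expired) {
        $_SESSION['ForgotPasswordToken'] = 0;
        header('Location: ../forgot.php?q=expired');
    } else {
        $_SESSION['ForgotPasswordToken'] = 1;
        $_SESSION['ForgottenEmail'] = $email;
        header('Location: ../forgot.php');
    }
}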
Ejemplo n.º 7
        exit;
    }
}
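// Fetch the card number of the original order; it is stored in three
// AES-encrypted columns that are decrypted inside the query.
// NOTE(review): $pay_sr and $key_str_ch are interpolated into the SQL text.
// Their origin is not visible here; if either can be influenced by a request
// it must be escaped or bound as a parameter. The key also travels to the
// database server inside the statement text, where query logs may record it.
$str_cdno = "select AES_DECRYPT(f6no,'{$key_str_ch}') as f6no,AES_DECRYPT(c5no,'{$key_str_ch}') as c5no,AES_DECRYPT(lsno,'{$key_str_ch}') as lsno from o_cdno where sr='{$pay_sr}' limit 1 ";
$res_cdno = mysql_query($str_cdno);
$N_cdno = @mysql_fetch_array($res_cdno);
// Array keys are quoted: a bare word is looked up as a constant first and
// only falls back to the string with a notice on old PHP versions.
$cardno = $N_cdno['f6no'] . $N_cdno['c5no'] . $N_cdno['lsno'];
// Fetch exdt and bgm of the original order.
$str_bgm = "select * from o_bgm where sr='{$pay_sr}' limit 1 ";
$res_bgm = mysql_query($str_bgm);
$Nbgm = @mysql_fetch_array($res_bgm);
// A '+' in the stored base64 text may have been turned into a space; restore it.
$Nbgm['exdt'] = str_replace(' ', '+', $Nbgm['exdt']);
$Nbgm['bgm'] = str_replace(' ', '+', $Nbgm['bgm']);
$expiry_date = fnDecrypt($Nbgm['exdt'], $ap_KEY, $ap_IV);
// NOTE(review): the field list below labels $bgm as the 3 digits on the back
// of the card. If that is the card verification code, it is being kept after
// the original authorization, which card-scheme rules (PCI DSS) do not allow
// even in encrypted form; confirm and stop storing it.
$bgm = fnDecrypt($Nbgm['bgm'], $ap_KEY, $ap_IV);
if (!$bgm || !$expiry_date || !$cardno) {
    echo 'error_查無該交易的歷史資料!';
    exit;
}
//=========== Send the authorization request behind the scenes
// New format: field widths no longer matter, fields are separated by '*':
// "https://credit.allpay.com.tw/g_ssl.php?*$client*[card number]*[card expiry date]*[back 3 digits]*[amount]*[installments]*[domestic travel 0/1]*[travel city code]*[departure date]*[return date]*[order number]*Zaq12wSxcde34Rfv"
// NOTE(review): the last field of this example looks like a fixed shared
// token; confirm it is not a live secret left in a comment.
$postA = $do_url . "/g_ssl.php?";
$post = "*" . $client . '*' . $cardno . '*';
// 1, 2 [merchant code, card number]
$post .= $expiry_date . '*';
// 3 [card expiry date] 4 digits, e.g. 200712 ==> 0712
$post .= $bgm . '*';
// 4 [back 3 digits] 3 digits, the last 3 digits on the back of the card
$post .= $amount . '*';
// 5 [amount] 7 digits, left-padded with 0, e.g. 200 => 0000200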
Ejemplo n.º 8
/**
 * 由 dotNET 發動的 MID 審核結果狀態更新。
 * 
 * @param string $sr <p> (Table[o_close].Column[sr])
 * @param string $authsr <p> (Table[o_close].Column[authsr]
 * @param string $act <p> (3: 審核完成)
 * @param string $dt <p> fnEncrypt(sr=XXXX&authsr=XXXX&act=XXXX)
 */
set_time_limit(0);
include 'g_common.inc';
$databaseLink = mylink();
$szReturnMessage = '1|OK';
try {
    $szEncryptData = $dt;
    $szOriginalData = fnDecrypt($dt, $ap_KEY, $ap_IV);
    parse_str($szOriginalData);
    $szMid = $mid;
    $szTid = $tid;
    $szSid = $sid;
    $szActionType = $act;
    $szBank = $bank;
    $isSuccess = !$succ ? false : true;
    $dtmTransDate = $hohsn;
    // 增加記錄
    $arRecord = array("Title" => "dotNet 介面 銀行通知追縱 LOG (1) g_mid_dotNet_Feedback", "EncryptData" => $szEncryptData, "OriginalData" => $szOriginalData, "Result" => "Step 1 :更新審核完成前");
    @write_log("g_mid_dotNet_Feedback", "Bank: " . $szBank, $arRecord);
    if (!$szMid || !$szActionType || !$szBank) {
        $szReturnMessage = '0|Arguments are not enough';
    } else {
        $szSQL = "SELECT * FROM mid_{$szBank} WHERE Status IN ('2', '3') AND MID = '{$szMid}' ";
Ejemplo n.º 9
<?php

include 'allpay_com.php';
include 'allpay_fn.php';
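// Debug page: shows the encrypted and decrypted content of the gateway cookie.
// NOTE(review): a page that decrypts and prints a cookie should not be
// reachable on a production host; restrict or remove it.
$CookieTOO_Sys = 'allpay.com.tw';
//==========================================================
// ?d=c clears the cookie and stops.
// NOTE(review): this clears "gw_allpay_t" while the code below reads
// "gw_allpay_p"; confirm which name is intended.
if (isset($_GET['d']) && $_GET['d'] == 'c') {
    setcookie("gw_allpay_t", '', "0", "/", $CookieTOO_Sys);
    echo 'Cookie已清除';
    exit;
}
//==========================================================
//$sValue = "Field=EWpS7g178XZos9C63HeHg9nk1hohAmtslhyhWUzVddNGMfdwHzPZcSR7v8w65JHFguoilkqJYotb/SAgp4RNXA==";
//$sValue.= "&Data=+0BJXQ3pD9fvKQEm+/kgGTV2OXI+ZZCCGlWSCHbGSX+qjcSdEBndlH+aJxzo5LAAUMOnA/UPluAqL69cDG/STE7U/8Znv1ZhALA7xLXtfaoLyAlhQ/gT0I1+BAmHBcQ9X97eORX07YBkXW+DkMSOddDO7oYhjJ6yGJCqNpPTmi+X1szbJ99LYWmRBn1UNwbQUwY/uVYfwIKvJOxJrcuhjw==";
//setcookie("gw_allpay_t",$sValue,"0","/",$CookieTOO_Sys);
//echo $_COOKIE['gw_allpay_t']."<br>\n";
//echo '<br>';
// Parse the cookie into its own array. parse_str() without a target array
// creates a variable for every name in the cookie, so a client could
// overwrite $ck_KEY, $ck_IV or any other variable of this script.
$cookieFields = array();
if (isset($_COOKIE['gw_allpay_p'])) {
    parse_str($_COOKIE['gw_allpay_p'], $cookieFields);
}
//$aaa = '1ZiNtaMLJC9ofyQLn+VoSD2lKieIhrxkJdZLzLiYfWSw/ALDN/yK7v384x5n4BtciqbqJQAKVp0G6/HB6T+kDMlJnpuu4L2lvCiBz6HJKFbcZlVBJp7AsT7VOoSkDbqH';
// Only plain string fields are accepted ("Field[]=x" would yield an array).
// A '+' in the base64 text arrives as a space after parsing; restore it.
$Field = (isset($cookieFields['Field']) && is_string($cookieFields['Field']))
    ? str_replace(' ', '+', $cookieFields['Field'])
    : '';
$Data = (isset($cookieFields['Data']) && is_string($cookieFields['Data']))
    ? str_replace(' ', '+', $cookieFields['Data'])
    : '';
// Cookie content is client-controlled, so every value is HTML-escaped before
// it is printed into the page.
echo htmlspecialchars($Field, ENT_QUOTES, 'UTF-8') . "<br>\n";
echo htmlspecialchars(fnDecrypt($Field, $ck_KEY, $ck_IV), ENT_QUOTES, 'UTF-8') . "<br>\n";
echo '<br>';
echo htmlspecialchars($Data, ENT_QUOTES, 'UTF-8') . "<br>\n";
echo htmlspecialchars(UrlDecode(fnDecrypt($Data, $ck_KEY, $ck_IV)), ENT_QUOTES, 'UTF-8') . "<br>\n";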
?>
<a href="000_allpay_cookie.php?d=c">清除cookie</a>
Ejemplo n.º 10
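// Debug walk-through of the "gauth" cookie: print it raw, decrypted and
// JSON-decoded, then round-trip a sample message through fnEncrypt/fnDecrypt.
// The cookie is client-controlled, so everything derived from it is
// HTML-escaped before it is written into the page.
// NOTE(review): this prints the decrypted auth cookie; keep it off
// production hosts.
$cook = isset($_COOKIE["gauth"]) ? $_COOKIE["gauth"] : '';
echo "gauth cookie:   " . htmlspecialchars($cook, ENT_QUOTES, 'UTF-8');
echo "<br />";
//	echo "gauth cookie after base64decode:   ".base64_decode($_COOKIE["gauth"]);
//	echo "<br />";
//$cook = base64_decode($_COOKIE["gauth"]);
$cook = fnDecrypt($cook, $key);
echo htmlspecialchars((string) $cook, ENT_QUOTES, 'UTF-8');
echo "<hr />";
echo "is it an array" . (is_array($cook) ? "true" : "false");
echo "<hr />";
$cook = json_decode($cook);
// var_dump() prints directly, so capture its output and escape it.
ob_start();
var_dump($cook);
echo htmlspecialchars(ob_get_clean(), ENT_QUOTES, 'UTF-8');
echo "<hr />";
echo "is it an array" . (is_array($cook) ? "true" : "false");
echo "<hr />";
// Round trip with a fixed sample message.
$msg = "my little secret";
$new_value = fnEncrypt($msg, $key);
echo $new_value;
echo "<br />";
echo fnDecrypt($new_value, $key);
echo "<br />";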
/*
 * Outputs:
 *
 * $ php crypt.php 
 * ?8@??DX<;]I:"??0???@FԦc??m?ܠ??B'?ȫĵ?7}?????cJC?7???
 * vi4XRU7Y93ogVMXuunUtmlYIqxlUHpLFa44Nuah8RJc=
 * my little secret
 *
 */
Ejemplo n.º 11
<!DOCTYPE html>
	<head>
	<?php 
include 'inc/auth.php';
include 'inc/api.php';
include 'inc/aes.php';
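// Stop right after the redirect. header() only adds a response header, so
// without the exit the rest of this page would still be built and sent to a
// visitor who failed the $auth check.
// NOTE(review): this block runs after "<!DOCTYPE html>" and "<head>" have
// already been output, so unless output buffering is enabled the Location
// header cannot be sent at all. The exit is then the only thing that keeps
// the page content back; the check belongs before any output.
if (!$auth) {
    header("location: index.php");
    exit;
}
// NOTE(review): the second argument is a literal stored in the page source.
// If fnDecrypt() uses it as the key, anyone who can read this file can
// recover $_SESSION['key']; load it from configuration kept outside the web
// root instead, and replace this value once it has been exposed.
$key = fnDecrypt($_SESSION['key'], "39ebb8b644e3de68e4801eaf9baf4bf24a1ffd25bb02dc0082b25d80f2676d29");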
?>
		<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
		<title>transactions</title>
		<link rel="stylesheet" href="css/960.css" type="text/css" media="screen" charset="utf-8" />
		<link rel="stylesheet" href="css/fluid.css" type="text/css" media="screen" charset="utf-8" />
		<link rel="stylesheet" href="css/template.css" type="text/css" media="screen" charset="utf-8" />
		<link rel="stylesheet" href="css/colour.css" type="text/css" media="screen" charset="utf-8" />
	</head>
	<body>
		
					<h1 id="head">Wallet</h1>
		
		<ul id="navigation">
			<li><a href="wallet.php">Wallet</a></li>
			<li><span class="active">Transactions</span></li>
			<li><a href="logout.php">Logout</a></li>
		</ul>
		
			<div id="content" class="container_16 clearfix">
				<div class="grid_16">
Ejemplo n.º 12
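// Download handler: loads an encrypted file and its data key by transaction
// id, decrypts the content twice and sends it as an attachment.
// NOTE(review): no check is visible here that the transaction id belongs to
// the logged-in user; confirm that one exists before this point.
mysql_select_db("cloud", $con) or die('could not connect with database');
// $_POST['file'] is request data. It is accepted only as a string and is
// escaped for the connection in use before it is placed into SQL text.
$id = (isset($_POST['file']) && is_string($_POST['file'])) ? $_POST['file'] : '';
$sql = "select * from cloudpart0 where trans_id = \"" . mysql_real_escape_string($id, $con) . "\" ";
$result = mysql_query($sql, $con);
$results = $result ? mysql_fetch_array($result) : false;
if (!$results) {
    // Unknown id or failed query: stop instead of decrypting empty values.
    die('could not find file');
}
$content = $results['encfilecontent'];
// The outer decryption key is read from $_SESSION['password'].
$username = $_SESSION['password'];
$name = $results['filename'];
$type = $results['type'];
$size = $results['size'];
// NOTE(review): connects as root with an empty password; use a dedicated
// account that can only read the key table.
$con = mysql_connect("localhost", "root", "") or die('could not open database');
mysql_select_db("key_escrow", $con) or die('could not connect with database');
// Escape again: escaping depends on the connection that runs the query.
$sql = "select * from keys_db where trans_id = \"" . mysql_real_escape_string($id, $con) . "\" ";
$result = mysql_query($sql, $con);
$results = $result ? mysql_fetch_array($result) : false;
if (!$results) {
    die('could not find file');
}
$datakey = $results['datakey'];
$len = $results['len'];
// Two layers: first the session-derived key, then the per-file data key.
$file = fnDecrypt($content, $username);
$file = fnDecrypt($file, $datakey);
$file = substr($file, 0, $len + 1);
// Timing log.
// NOTE(review): microtime() without an argument returns a "msec sec" string,
// so this subtraction does not give elapsed seconds; $earlier is set outside
// this excerpt, so both calls would have to change to microtime(true).
$later = microtime();
$res = $later - $earlier;
$my_file = 'retrievetimes.txt';
$handle = fopen($my_file, 'a') or die('Cannot open file:  ' . $my_file);
$data = "\nTime taken " . $res . " seconds,filesize " . $size . " KB";
fwrite($handle, $data);
fclose($handle);
// The stored file name and type end up in response headers: drop line breaks,
// and drop double quotes from the name so it cannot end the quoted filename
// early.
// NOTE(review): $size is logged above as KB but sent here as Content-length,
// which is in bytes; confirm the unit.
$safeName = str_replace(array('"', "\r", "\n"), '', $name);
$safeType = str_replace(array("\r", "\n"), '', $type);
header("Content-length: " . $size . "");
header("Content-type: " . $safeType . "");
header('Content-Disposition: attachment; filename="' . $safeName . '"');
echo $file;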