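/**
 * Decrypt a base64-encoded blob and verify the integrity tag embedded in the plaintext.
 *
 * Layout as parsed by this function: the decoded input is ciphertext followed by the IV
 * (the trailing $iv_size bytes). The decrypted text is
 * payload | myshorthash(payload) | flag byte | '#' | padding, where a flag byte of '@'
 * marks a payload that must go through unzipstr().
 *
 * NOTE(review): this relies on the mcrypt extension, deprecated in PHP 7.1 and removed
 * from core in 7.2. MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block, which is not AES.
 * NOTE(review): the tag is a hash of the plaintext carried inside the ciphertext, so it
 * can only be checked after decrypting; a MAC over the ciphertext (or an AEAD mode) is
 * the usual design. Confirm against the matching encryptData().
 *
 * @param string $crypttext Base64 text to decrypt.
 * @param string $key       Secret fed to myhash() to derive the cipher key.
 * @param string $txt       When non-empty, the MSGError() notice on failure is suppressed.
 * @return string Decrypted (and, if flagged, decompressed) payload, or "" on any failure.
 */
function decryptData($crypttext, $key, $txt = '')
{
    $crypttext = base64_decode($crypttext);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    $clen = strlen($crypttext);

    $verified = false;
    $iscompressed = false;
    $decrypttext = '';

    if ($clen > $iv_size) {
        // The IV travels at the end of the blob; everything before it is ciphertext.
        $iv = substr($crypttext, $clen - $iv_size, $iv_size);
        $crypttext = substr($crypttext, 0, $clen - $iv_size);
        $key = myhash($key . "123456789012345678901234567890");
        $decrypttext = mcrypt_decrypt(
            MCRYPT_RIJNDAEL_256,
            substr(pack("H*", $key), 0, 32),
            $crypttext,
            MCRYPT_MODE_CBC,
            $iv
        );

        $ll = strlen(myshorthash("x"));
        $pos = is_string($decrypttext) ? strrpos($decrypttext, "#") : false;

        // A missing '#' marker, or one too close to the start to leave room for the
        // tag and flag byte, means the plaintext is malformed. Previously a false $pos
        // became -1 and the tag was read from offsets relative to the end of the text.
        if ($pos !== false && $pos >= $ll + 1) {
            $iscompressed = substr($decrypttext, $pos - 1, 1) === '@';
            $expected = substr($decrypttext, $pos - 1 - $ll, $ll);
            $decrypttext = substr($decrypttext, 0, $pos - 1 - $ll);
            // hash_equals() compares in constant time and avoids the loose `!=`, under
            // which two different numeric-looking digests ("0e...") compare equal.
            $verified = hash_equals((string) myshorthash($decrypttext), (string) $expected);
        }
    }

    if (!$verified) {
        if ($txt == '') {
            MSGError("Decryption error -- contact an admin now (" . getFunctionName() . ")");
        }
        return "";
    }

    return $iscompressed ? unzipstr($decrypttext) : $decrypttext;
}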
/**
 * Build the query string for a file-download link.
 *
 * The file name is encrypted with a key made of the current session id and the
 * configured 'key', and a check value binds oid, file name, message, session id and key.
 *
 * NOTE(review): the check input is a plain concatenation with no separators, so
 * different (oid, fname, msg) splits of the same characters produce the same digest.
 * Any change must be made together with the code that verifies `check`.
 * NOTE(review): $oid is placed in the query string unencoded; presumably callers pass
 * a numeric object id -- confirm.
 *
 * @param mixed  $oid   Object id placed in the `oid` parameter.
 * @param string $fname File name, sent encrypted in `filename`.
 * @param string $msg   Optional message, appended url-encoded as `msg` when not empty.
 * @return string Query string without a leading '?'.
 */
function filedownload($oid, $fname, $msg = '')
{
    $conf = globalconf();

    $encryptedName = rawurlencode(encryptData($fname, session_id() . $conf['key'], false));
    $check = myhash($oid . $fname . $msg . session_id() . $conf["key"]);

    $query = "oid=" . $oid . "&filename=" . $encryptedName . "&check=" . $check;

    return ($msg != '') ? $query . "&msg=" . rawurlencode($msg) : $query;
}
/**
 * Print the three-choice voting form (radio groups choice1..choice3, options A/B/C)
 * that submits to /voting.php, plus a hidden "hash" field set to myhash($User->id).
 *
 * Reads the global $User; returns nothing and writes HTML directly to the output.
 *
 * NOTE(review): the <form> tag has no method attribute, so browsers submit it with GET
 * and the choices and the hash end up in the URL.
 * NOTE(review): the hidden value is derived only from the user id. Unless myhash() is
 * keyed with a server-side secret (not visible here), it is the same on every page load
 * and gives no per-session request-forgery protection -- confirm what /voting.php checks.
 * NOTE(review): as listed here, a space follows the PHP close tag inside VALUE="...", so
 * the submitted value carries a trailing space; verify the receiver trims it.
 */
function DisplayVotingForm() { ?> <form action="/voting.php"> My first choice is: <input type=radio name="choice1" VALUE="A">A <input type=radio name="choice1" VALUE="B">B <input type=radio name="choice1" VALUE="C">C <hr> My second choice is: <input type=radio name="choice2" VALUE="A">A <input type=radio name="choice2" VALUE="B">B <input type=radio name="choice2" VALUE="C">C <hr> My third choice is: <input type=radio name="choice3" VALUE="A">A <input type=radio name="choice3" VALUE="B">B <input type=radio name="choice3" VALUE="C">C <INPUT TYPE=hidden name="hash" VALUE="<?php global $User; echo myhash($User->id); ?> "> <hr> <INPUT TYPE=SUBMIT VALUE="submit"> </form> <?php }
/**
 * Send a 'usersettings' request for $user and return the decoded reply.
 *
 * Only the settings that are supplied (non-null under a loose comparison) are included.
 *
 * NOTE(review): only 'payname' has the field separator replaced; 'addr', 'ratio' and
 * $email are passed through unchanged. Whether msgEncode() escapes $fld_sep itself is
 * not visible here -- confirm.
 *
 * @param string     $user  Username the settings belong to.
 * @param mixed      $email New e-mail address, or null to leave it out.
 * @param array|null $addr  List of rows with 'addr' and optional 'payname' / 'ratio'.
 * @param mixed      $pass  New password; sent as myhash($pass) together with the 2fa value.
 * @param mixed      $twofa 2fa value sent with a password change; 0 when nuem($twofa) is true.
 * @return mixed Result of repDecode() on the socket reply.
 */
function userSettings($user, $email = null, $addr = null, $pass = null, $twofa = null)
{
    global $fld_sep;

    $timeoutFactor = false;
    $fields = array('username' => $user);

    if ($email != null) {
        $fields['email'] = $email;
    }

    if ($addr != null) {
        $index = 0;
        foreach ($addr as $entry) {
            $fields['address:' . $index] = $entry['addr'];
            // payname is optional; when absent it is simply not sent (blank)
            if (isset($entry['payname'])) {
                $cleanName = trim($entry['payname']);
                $fields['payname:' . $index] = str_replace($fld_sep, ' ', $cleanName);
            }
            // ratio is optional; when absent the default applies
            if (isset($entry['ratio'])) {
                $fields['ratio:' . $index] = $entry['ratio'];
            }
            ++$index;
        }
        $fields['rows'] = count($addr);
        // address updates get three times the normal timeout
        $timeoutFactor = 3;
    }

    if ($pass != null) {
        $fields['passwordhash'] = myhash($pass);
        $fields['2fa'] = nuem($twofa) ? 0 : $twofa;
    }

    $request = msgEncode('usersettings', 'userset', $fields, $user);
    $reply = sendsockreply('userSettings', $request, $timeoutFactor);
    if (!$reply) {
        dbdown();
    }

    return repDecode($reply);
}
/**
 * Authenticate a user for one contest, fill $_SESSION['usertable'] and record the login.
 *
 * Steps, in order: load the contest row; load the site info; load the user row for the
 * contest's local site; compare $pass with myhash(stored userpassword . session_id());
 * reject when site logins are closed (except admin/judge/site users) or the user is
 * disabled; log an IP change; enforce userpermitip via match_network(); finally write
 * IP, session id and login time back to usertable.
 *
 * @param string $name    Username (shown as '******' inside the SQL text of this listing).
 * @param string $pass    Digest sent by the client; must equal myhash(stored password . session_id()).
 * @param mixed  $contest Contest number, interpolated into the first query.
 * @param bool   $msg     When true, failures are reported to the user through MSGError().
 * @return array|false User info from DBUserInfo() on success, false on failure.
 *
 * NOTE(review): every statement is built by string interpolation or concatenation
 * ($contest, the getIP() result, session_id()). Nothing here checks that $contest is
 * numeric or escapes $gip; verify the callers and getIP(), or move to bound parameters.
 * NOTE(review): the digest check uses a loose `!=`. Two different digests that both look
 * numeric (for example "0e...") compare equal under PHP type juggling, and the comparison
 * is not constant-time; hash_equals() is the usual replacement.
 * NOTE(review): the password check is skipped entirely when the stored userpassword is
 * the empty string.
 * NOTE(review): $_SESSION['usertable'] is assigned before the credential checks and
 * unset on each failure path; no session id regeneration is visible in this function.
 * NOTE(review): the unknown-user attempt is logged only when $msg is true, unlike the
 * other failure paths.
 * NOTE(review): after IntrusionNotify()/ForceLoad() the loop and the database update
 * still follow in the code; this is only safe if ForceLoad() terminates the request --
 * confirm.
 * For team users without multilogin and without a permitted IP, the first login stores
 * the current IP in userpermitip. When $name is 'admin' and siteclock() reports a time
 * below -600, contestunlockkey is cleared.
 */
function DBLogInContest($name, $pass, $contest, $msg = true) { $b = DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)"); if ($b == null) { LOGLevel("There is no contest {$contest}.", 0); if ($msg) { MSGError("There is no contest {$contest}, contact an admin."); } return false; } $d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false); if ($d == null) { if ($msg) { MSGError("There is no active site, contact an admin."); } return false; } $a = DBGetRow("select * from usertable where username='******' and contestnumber=" . $b["contestnumber"] . " and " . "usersitenumber=" . $b["contestlocalsite"], 0, null, "DBLogIn(get user)"); if ($a == null) { if ($msg) { LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2); MSGError("User does not exist or incorrect password."); } return false; } $a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false); $_SESSION['usertable'] = $a; $p = myhash($a["userpassword"] . 
session_id()); $_SESSION['usertable']['userpassword'] = $p; if ($a["userpassword"] != "" && $p != $pass) { LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2); if ($msg) { MSGError("Incorrect password."); } unset($_SESSION["usertable"]); return false; } if ($d["sitepermitlogins"] == "f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") { LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2); if ($msg) { MSGError("Logins are not allowed."); } unset($_SESSION["usertable"]); return false; } if ($a["userenabled"] != "t") { LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2); if ($msg) { MSGError("User disabled."); } unset($_SESSION["usertable"]); return false; } $gip = getIP(); if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") { LOGLevel("User {$name} is using two different IPs: " . $a["userip"] . "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1); if ($msg && $a["usertype"] != "admin") { MSGError("You are using two distinct IPs. Admin notified."); } } if ($a["userpermitip"] != "") { $ips = explode(';', $a["userpermitip"]); $gips = explode(';', $gip); if (count($gips) < count($ips)) { IntrusionNotify("Invalid IP: " . $gip); ForceLoad("index.php"); } for ($ipss = 0; $ipss < count($ips); $ipss++) { $gipi = $gips[$ipss]; $ipi = $ips[$ipss]; if (!match_network($ipi, $gipi)) { IntrusionNotify("Invalid IP: " . $gip); ForceLoad("index.php"); } } } $c = DBConnect(); $t = time(); if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") { $r = DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "'," . "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . 
$b["contestlocalsite"], "DBLogIn(update session)"); } else { DBExec($c, "begin work"); $sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"] . " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")"; DBExec($c, $sql); DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, " . "usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update user)"); if ($name == 'admin') { list($clockstr, $clocktime) = siteclock(); if ($clocktime < -600) { DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)"); } } DBExec($c, "commit work"); } LOGLevel("User {$name} authenticated (" . $gip . ")", 2); return $a; }
exit; } if (!isset($getx['check'])) { ob_end_flush(); echo "<!-- <ERROR2> " . session_id() . " " . session_id() . " -->\n"; exit; } } else { ob_end_flush(); LogLevel("Init connection by IP " . getIP(), 2); echo "<!-- <SESSION1> " . session_id() . " " . session_id() . " -->\n"; exit; } } if (!ValidSession()) { ob_end_flush(); InvalidSession("site/index.php"); ForceLoad("../index.php"); exit; } if (isset($getx['check']) && isset($getx["password"]) && $getx['check'] != myhash($getx["password"] . $_SESSION['usertable']['userpassword'])) { ob_end_flush(); echo "<!-- <SESSION2> " . session_id() . " " . $_SESSION['usertable']['usersessionextra'] . " -->\n"; exit; } if ($_SESSION["usertable"]["usertype"] != "site") { ob_end_flush(); IntrusionNotify("site/index.php"); ForceLoad("../index.php"); exit; }
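require 'db_constants.php';
require 'db_inc.php';

/**
 * Derive the stored password digest: SHA-1 over salt + password, then 1000 more SHA-1 rounds.
 *
 * NOTE(review): iterated SHA-1 is a weak password hash by current standards;
 * password_hash() / password_verify() are the standard replacement, but switching
 * requires migrating the digests already stored in the login table.
 *
 * @param string $password    Value to hash (callers pass sha1() of the typed password).
 * @param string $unique_salt Per-user salt read from the login table.
 * @return string 40-character hex digest.
 */
function myhash($password, $unique_salt)
{
    $hash = sha1($unique_salt . $password);
    for ($i = 0; $i < 1000; $i++) {
        $hash = sha1($hash);
    }
    return $hash;
}

if (isset($_POST['submit'])) {
    // Read a POST field as a trimmed string; a missing or non-string value becomes ''.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
    };

    $error = 0;
    $pass1 = $field('cpassword');   // current password
    $pass2 = $field('npassword');   // new password
    $pass3 = $field('napassword');  // new password, repeated

    // NOTE(review): the "******" values in both statements are masked in this listing.
    // In the real code the username and the new digest must be bound as parameters of a
    // prepared statement, never concatenated into the SQL text.
    $sql = 'select password,unique_salt from login where username="******"';
    $result = mysqli_query($db, $sql);
    if ($result === false) {
        // Keep the driver error in the server log instead of sending it to the browser.
        error_log('change password (select): ' . mysqli_error($db));
        die('Database error');
    }
    $row = mysqli_fetch_assoc($result);

    $currentOk = false;
    if (is_array($row)) {
        $password = sha1($pass1);
        $unique_salt = $row['unique_salt'];
        $hash = myhash($password, $unique_salt);
        // Constant-time and type-safe: a loose `==` treats different numeric-looking
        // digests ("0e...") as equal.
        $currentOk = hash_equals((string) $row['password'], $hash);
    }

    // Strict comparison: under `==`, different numeric strings such as '1e3' and '1000'
    // would count as a matching confirmation.
    if ($currentOk && $pass2 === $pass3) {
        $newpassword = myhash(sha1($pass2), $row['unique_salt']);
        $sql = 'UPDATE login set password="******" where username="******"';
        if (mysqli_query($db, $sql) === false) {
            error_log('change password (update): ' . mysqli_error($db));
            die('Database error');
        }
        $error = 0;
    } else {
        $error = 1;
    }
}

require 'change_pass.html';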
/**
 * Handle an invitation-based sign-up request and print the result page.
 *
 * Reads nickname, email, psw1, psw2 and icode through z(v(...)), checks the invite code,
 * creates the account via the User_model, posts feed entries, optionally befriends the
 * inviter, logs the new user in, stores an uploaded avatar in three sizes, seeds the
 * bank account and shop rows, credits the inviter, and finally echoes a script block
 * plus an HTML page. Every validation failure ends the request with die() and a short
 * HTML message.
 *
 * Meaning of the die() messages, in order: nickname / e-mail / password must not be
 * empty; the two passwords differ; the invitation code has already been used; the
 * nickname or e-mail is already taken.
 *
 * NOTE(review): $olduser is assigned only inside the `if ($invuid && ...)` condition but
 * is read unconditionally afterwards for u2_inviter_uid / u2_inviter_nickname and for
 * the final UPDATE. Without an inviter it is undefined and intval() of it is 0, so the
 * UPDATE addresses uid '0'.
 * NOTE(review): $nickname and the stored u2_nickname values are concatenated into HTML
 * and into an inline script without any escaping visible here. What z() and v() do is
 * not shown -- confirm they encode for both the HTML and the JavaScript string context.
 * NOTE(review): the only check on the uploaded file is size > 0. No type or content
 * validation is visible in this method, and the original upload is moved under the
 * static directory with a .gif name. Confirm that the icon library rejects non-images.
 * NOTE(review): the INSERT statements concatenate $uid directly; it comes from
 * get_user_by_email() and is not passed through intval() like the config values.
 * NOTE(review): the password is handed to register_save() and login_confirm() as typed;
 * whether it is hashed happens in the model and is not visible here.
 */
function register() { $nickname = z(v('nickname')); $email = z(v('email')); $psw1 = z(v('psw1')); $psw2 = z(v('psw2')); $icode = z(v('icode')); if (!$nickname || !$email || !$psw1) { die('<center style="font-size:12px;">用户名,E-mail,密码不能为空</center>'); } if ($psw1 != $psw2) { die('<center style="font-size:12px;">2次密码输入不一致</center>'); } $psw = $psw1; $this->load->model('User_model', 'user', TRUE); $invite = $this->user->check_invite_code($icode); if (!$invite) { die('<center style="font-size:12px;">邀请函防伪码已经使用过了</center>'); } if (!$this->user->register_save($email, $nickname, $psw)) { die('<center style="font-size:12px;">用户名或者email已被占用</center>'); } $this->user->marked_invite_code($invite['id']); $user_info = $this->user->get_user_by_email($email); $title = '<a href="/user/space/' . $user_info['id'] . '">' . $user_info['u2_nickname'] . '</a>加入了' . c('site_name'); send_to_feed($user_info['id'], 'system_user', $title); $invuid = $invite['u2_uid']; if ($invuid && ($olduser = $this->user->load_user_information_by_uid($invuid))) { $this->user->add_friend($invuid, $user_info['id']); $title = '<a href="/user/space/' . $user_info['id'] . '">' . $user_info['u2_nickname'] . '</a>和<a href="/user/space/' . $olduser['id'] . '">' . $olduser['u2_nickname'] . 
'</a>成为好友了'; send_to_feed($user_info['id'], 'system_user', $title); } $new_one = array(); $new_one['u2_first_time'] = 1; $new_one['u2_inviter_uid'] = $olduser['id']; $new_one['u2_inviter_nickname'] = $olduser['u2_nickname']; $this->user->login_confirm($email, $psw, $new_one); if (isset($_FILES['picfile']['size']) && $_FILES['picfile']['size'] > 0) { make_user_icon_dir(); $this->load->library('icon'); $this->icon->path = $_FILES['picfile']['tmp_name']; $this->icon->size = 16; $this->icon->dest = get_user_icon_path('small'); $this->icon->createIcon(); $this->icon->size = 48; $this->icon->dest = get_user_icon_path(); $this->icon->createIcon(); $this->icon->size = 100; $this->icon->dest = get_user_icon_path('big'); $this->icon->createIcon(); $time = time(); $source_image = ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '.gif'; copy(get_user_icon_path('small'), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_small.gif'); copy(get_user_icon_path(), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_normal.gif'); copy(get_user_icon_path('big'), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_big.gif'); move_uploaded_file($_FILES['picfile']['tmp_name'], $source_image); $this->user->add_user_upload_pic($time); $title = '<a href="/user/space/' . format_uid() . '">' . _sess('u2_nickname') . '</a>更换了新头像'; send_to_feed(format_uid(), 'system_user', $title, NULL, show_user_icon()); } $uid = $user_info['id']; $place = $uid + 10000; // add the inviter's info //set_cookie( 'x123' , 'er' ); // add money to user bank account // add money $sql = "INSERT INTO `app_ibank_account` ( `uid` , `g_count` , `gold_count` ) VALUES ( '" . $uid . "' , '" . intval(c('user_init_silver')) . "' , '" . intval(c('user_init_gold')) . "' ) "; lazy_run_sql($sql); // add cloth $sql = "INSERT INTO `app_ihome_shop` ( `uid` , `item_id` ) VALUES ( '" . $uid . "' , '844' ) , ( '" . $uid . 
"' , '879' )"; lazy_run_sql($sql); // add money to inviter $sql = "UPDATE `app_ibank_account` SET `g_count` = `g_count` + " . intval(c('user_invite_g')) . " WHERE `uid` = '" . intval($olduser['id']) . "' LIMIT 1 "; lazy_run_sql($sql); // header("Content-type: text/xml; charset=$charset"); header("Content-type: text/html;charset=utf-8"); echo '<SCRIPT LANGUAGE="JavaScript">window.parent.$("id_icon").setHTML(\'<img src="' . show_user_icon('', $user_info['id']) . '" class="icon"/><br/>' . $nickname . '\');window.parent.$("id_info").setHTML(\'NO. ' . $uid . '<br/>仙豆王国居民东区' . $place . '#\');</SCRIPT>'; echo '<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body><center style="font-size:12px;"><a href="/user/miniblog/" target="_parent">申请成功,赶快到你的小屋去看看吧</a></center></body></html>'; }
/**
 * Insert a user into usertable, or update the existing row when the supplied data is newer.
 *
 * Accepted aliases in $param: contestnumber -> contest, sitenumber -> site,
 * usernumber / number -> user. 'contest', 'site' and 'user' are required, must be
 * non-empty and must pass is_numeric(). The optional keys listed in $ac1 override the
 * defaults set below. Every accepted value goes through sanitizeText() and is stored in
 * a local variable named after its key (variable variables).
 *
 * Normalisation visible in the code: any type other than chief, judge, admin, score,
 * staff or site becomes 'team'; enabled becomes 't' unless it is 'f'; multilogin and
 * changepass are normalised as well (their literal values are masked as '******' in this
 * listing); a non-positive updatetime is replaced by time().
 *
 * @param array    $param User fields as described above.
 * @param resource $c     Open DB connection. When null, the function connects itself and
 *                        wraps the work in its own "begin work" / "commit work".
 * @return int|false false on a parameter or database problem; 2 when a row was inserted
 *                   or updated; 1 when the row exists and is not older than updatetime.
 *
 * NOTE(review): all SQL is built by interpolation. Safety depends on sanitizeText()
 * (not shown) for quoted values and on is_numeric() for the unquoted ones. is_numeric()
 * also accepts forms such as "1e5" or "1.5", so those reach the statement text unchanged.
 * Bound parameters would remove the dependency.
 * NOTE(review): among the optional keys only updatetime is numeric-checked. userlastlogin
 * and userlastlogout are interpolated after sanitizeText() only.
 * NOTE(review): the rollback calls run even when the connection was supplied by the
 * caller ($cw false), which rolls back the caller's transaction -- confirm intended.
 * NOTE(review): when the row exists and $updatetime is not newer, a transaction opened
 * here is neither committed nor rolled back before returning 1.
 * NOTE(review): the password value is stored as given, with a masked prefix added in one
 * branch; the callers visible on this page pass myhash() digests -- confirm for all callers.
 */
function DBNewUser($param, $c = null) { if (isset($param['contestnumber']) && !isset($param['contest'])) { $param['contest'] = $param['contestnumber']; } if (isset($param['sitenumber']) && !isset($param['site'])) { $param['site'] = $param['sitenumber']; } if (isset($param['usernumber']) && !isset($param['user'])) { $param['user'] = $param['usernumber']; } if (isset($param['number']) && !isset($param['user'])) { $param['user'] = $param['number']; } $ac = array('contest', 'site', 'user'); $ac1 = array('updatetime', 'username', 'usericpcid', 'userfull', 'userdesc', 'type', 'enabled', 'multilogin', 'pass', 'permitip', 'changepass', 'userip', 'userlastlogin', 'userlastlogout', 'usersession', 'usersessionextra'); $typei['contest'] = 1; $typei['updatetime'] = 1; $typei['site'] = 1; $typei['user'] = 1; foreach ($ac as $key) { if (!isset($param[$key]) || $param[$key] == "") { MSGError("DBNewUser param error: {$key} not found"); return false; } if (isset($typei[$key]) && !is_numeric($param[$key])) { MSGError("DBNewUser param error: {$key} is not numeric"); return false; } ${$key} = sanitizeText($param[$key]); } $username = "******" . 
$user; $updatetime = -1; $pass = null; $usericpcid = ''; $userfull = ''; $userdesc = ''; $type = 'team'; $enabled = 'f'; $changepass = '******'; $multilogin = '******'; $permitip = ''; $usersession = null; $usersessionextra = null; $userip = null; $userlastlogin = null; $userlastlogout = null; foreach ($ac1 as $key) { if (isset($param[$key])) { ${$key} = sanitizeText($param[$key]); if (isset($typei[$key]) && !is_numeric($param[$key])) { MSGError("DBNewUser param error: {$key} is not numeric"); return false; } } } $t = time(); if ($updatetime <= 0) { $updatetime = $t; } if ($type != "chief" && $type != "judge" && $type != "admin" && $type != "score" && $type != "staff" && $type != "site") { $type = "team"; } if ($type == "admin") { $changepass = "******"; } if ($enabled != "f") { $enabled = "t"; } if ($multilogin != "t") { $multilogin = "******"; } if ($changepass != "t") { $changepass = "******"; } $cw = false; if ($c == null) { $cw = true; $c = DBConnect(); DBExec($c, "begin work", "DBNewUser(begin)"); } DBExec($c, "lock table usertable", "DBNewUser(lock)"); $r = DBExec($c, "select * from sitetable where sitenumber={$site} and contestnumber={$contest}", "DBNewUser(get site)"); $n = DBnlines($r); if ($n == 0) { DBExec($c, "rollback work", "DBNewUser(no-site)"); MSGError("DBNewUser param error: site {$site} does not exist"); return false; } if ($pass != myhash("") && $type != "admin" && $changepass != "t") { $pass = '******' . $pass; } $r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " . "usersitenumber={$site} and contestnumber={$contest}", "DBNewUser(get user)"); $n = DBnlines($r); $ret = 1; if ($n == 0) { $sql = "select * from usertable where usernumber={$user} and usersitenumber={$site} and " . 
"contestnumber={$contest}"; $a = DBGetRow($sql, 0, $c); if ($a == null) { $ret = 2; $sql = "select * from sitetable where sitenumber={$site} and contestnumber={$contest}"; $aa = DBGetRow($sql, 0); if ($aa == null) { DBExec($c, "rollback work"); MSGError("Site {$site} does not exist"); return false; } $sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " . "userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " . "({$contest}, {$site}, {$user}, '{$username}', '{$usericpcid}', '{$userfull}', '{$userdesc}', '{$type}', '{$enabled}', " . "'{$multilogin}', '{$pass}', '{$permitip}')"; DBExec($c, $sql, "DBNewUser(insert)"); if ($cw) { DBExec($c, "commit work"); } LOGLevel("User {$user} (site={$site},contest={$contest}) included.", 2); } else { if ($updatetime > $a['updatetime']) { $ret = 2; $sql = "update usertable set username='******', usericpcid='{$usericpcid}', userdesc='{$userdesc}', updatetime={$updatetime}, " . 
"userfullname='{$userfull}', usertype='{$type}', userpermitip='{$permitip}', "; if ($pass != null && $pass != myhash("")) { $sql .= "userpassword='******', "; } if ($usersession != null) { $sql .= "usersession='{$usersession}', "; } if ($usersessionextra != null) { $sql .= "usersessionextra='{$usersessionextra}', "; } if ($userip != null) { $sql .= "userip='{$userip}', "; } if ($userlastlogin != null) { $sql .= "userlastlogin='******', "; } if ($userlastlogout != null) { $sql .= "userlastlogout='{$userlastlogout}', "; } $sql .= "userenabled='{$enabled}', usermultilogin='******'"; $sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}"; $r = DBExec($c, $sql, "DBNewUser(update)"); if ($cw) { DBExec($c, "commit work"); } LOGLevel("User {$user} (username={$username},site={$site},contest={$contest}) updated.", 2); } } } else { DBExec($c, "rollback work"); LOGLevel("Update problem for user {$user} (site={$site},contest={$contest}) (maybe username already in use).", 1); MSGError("Update problem for user {$user}, site {$site} (maybe username already in use)."); return false; } return $ret; }
/**
 * Build the site-relative URL of a user's stored "normal" size avatar.
 *
 * The file name is myhash(u2_uid) followed by u2_pic_name and the '_normal.gif' suffix.
 *
 * NOTE(review): u2_pic_name is concatenated as-is; presumably it is the numeric upload
 * timestamp written by the upload code -- confirm it can never contain path characters.
 *
 * @param array $item Row holding 'u2_uid' and 'u2_pic_name'.
 * @return string URL path under /static/data/hash/user_icon/.
 */
function get_user_old_url($item)
{
    $baseDir = '/static/data/hash/user_icon/';
    $fileName = myhash($item['u2_uid']) . $item['u2_pic_name'];

    return $baseDir . $fileName . '_normal.gif';
}
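<?php
/*
 $Id: hash.php,v 1.1 2004/02/16 14:35:19 tim Exp $
 http://www.bagley.org/~doug/shootout/
*/

// The iteration count comes from the single command-line argument; default 100000.
// The cast keeps a non-numeric argument from being compared as a string in the loops.
$n = (isset($argc, $argv) && $argc == 2) ? (int) $argv[1] : 100000;
myhash($n);

/**
 * Hash-table benchmark: store 1..$n under their hexadecimal string keys, then count how
 * many of the decimal keys $n..1 are present, and print that count.
 *
 * This is an associative-array exercise, not a cryptographic hash.
 *
 * @param int $n Number of keys to insert and to probe.
 * @return void Prints the hit count followed by a newline.
 */
function myhash($n)
{
    // Initialise explicitly: the table and the counter were previously created
    // implicitly, which raises warnings and prints an empty line when nothing matches.
    $X = array();
    $c = 0;

    for ($i = 1; $i <= $n; $i++) {
        $X[dechex($i)] = $i;
    }

    for ($i = $n; $i > 0; $i--) {
        // Stored values are always >= 1, so a presence test matches the old truthiness
        // test without reading undefined keys.
        if (isset($X[$i])) {
            $c++;
        }
    }

    print "{$c}\n";
}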
$fb_url = $_POST['fb_url']; } if (!($_POST['grade'] >= 9 and $_POST['grade'] <= 12)) { $errors[] = 'You must enter your grade.'; $validation = false; } else { $grade = $_POST['grade']; } if (empty($_POST['whole_schedule_perm']) && $_POST['whole_schedule_perm'] !== '0') { $errors[] = 'You must choose whether you want to allow members to view your entire schedule or not.'; $validation = false; } else { $whole_schedule_perm = $_POST['whole_schedule_perm']; } if ($validation) { $sql = sprintf_escape("SELECT user_id, email, pass FROM " . TABLE_PREFIX . "users WHERE email='%s' AND pass='******';", $email, myhash($current_password)); $result = mysql_query($sql) or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR); if (mysql_num_rows($result) !== 1 && !empty($_POST['current_password'])) { $errors[] = 'The current password is wrong. Unable to change password.'; $display_form = true; } else { $sql = sprintf_escape("UPDATE " . TABLE_PREFIX . "users SET pass='******', fb_url='%s', grade=%u, whole_schedule_perm=%u WHERE user_id='%u' LIMIT 1", $password, $fb_url, $grade, $whole_schedule_perm, $_SESSION['user_id']); $result = mysql_query($sql) or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR); ?> <p class="info_notice fadeout">User data updated.<a href="#" class="js closebutton imagelink" ><img src="/images/x.png" /></a></p> <?php if (isset($_COOKIE['sched_user'])) { // user is using 'remember me' feature // update cookie with new information so that it is still valid $domain = $_SERVER['HTTP_HOST'] != 'localhost' ? $config['basedomain'] : false; setcookie("sched_user", $_SESSION['user_id'] . ',' . $password . ',' . md5(md5($_SERVER['HTTP_USER_AGENT']) . SALT), time() + 60 * 60 * 24 * 100, '/', $domain, 0, 0);
/**
 * Avatar page: show the user's pictures, or store a newly uploaded one when $action is 'save'.
 *
 * On save, the upload is turned into 16, 48 and 100 pixel icons through the icon library,
 * the three icons and the original file are copied into the static user_icon directory
 * under a name built from myhash() and the current time, the upload is recorded, and a
 * feed entry (text: "changed to a new avatar") is posted.
 *
 * NOTE(review): the only check on the upload is size > 0. No type or content validation
 * is visible here, and the original file is kept under a web-served directory with a
 * .gif name. Confirm that the icon library rejects anything that is not an image.
 *
 * @param string|null $action 'save' to process an upload; anything else lists the pictures.
 * @return void
 */
function uploadpic($action = NULL)
{
    $this->login_check();

    if ($action != 'save') {
        // Plain page view: list the pictures already uploaded by this user.
        $data = array('pics' => $this->user->load_user_photos_by_uid());
        $this->view('uploadpic', $data);
        return;
    }

    $hasUpload = isset($_FILES['picfile']['size']) && $_FILES['picfile']['size'] > 0;
    if (!$hasUpload) {
        info_page(_text('user_error_uploadpic'));
        return;
    }

    make_user_icon_dir();
    $this->load->library('icon');
    $this->icon->path = $_FILES['picfile']['tmp_name'];

    // small icon
    $this->icon->size = 16;
    $this->icon->dest = get_user_icon_path('small');
    $this->icon->createIcon();

    // normal icon
    $this->icon->size = 48;
    $this->icon->dest = get_user_icon_path();
    $this->icon->createIcon();

    // big icon
    $this->icon->size = 100;
    $this->icon->dest = get_user_icon_path('big');
    $this->icon->createIcon();

    // Archive copies are named <myhash()><timestamp><suffix>.gif
    $stamp = time();
    $archiveDir = ROOT . 'static/data/hash/user_icon/';
    $original = $archiveDir . myhash() . $stamp . '.gif';
    copy(get_user_icon_path('small'), $archiveDir . myhash() . $stamp . '_small.gif');
    copy(get_user_icon_path(), $archiveDir . myhash() . $stamp . '_normal.gif');
    copy(get_user_icon_path('big'), $archiveDir . myhash() . $stamp . '_big.gif');
    move_uploaded_file($_FILES['picfile']['tmp_name'], $original);

    $this->user->add_user_upload_pic($stamp);

    $feedHtml = '<a href="/user/space/' . format_uid() . '">' . _sess('u2_nickname') . '</a>更换了新头像';
    send_to_feed(format_uid(), 'system_user', $feedHtml, NULL, show_user_icon());

    info_page('<a href="/user/space">' . _text('user_uploadpic_success') . '</a>');
}
if ($_SESSION["usertable"]["usersitenumber"] == $param['sitenumber'] || $main) { if (DBNewSite($param['contest'], null, $param)) { $oklines++; $param = array(); $param['contest'] = $_SESSION["usertable"]["contestnumber"]; $param['site'] = $ct["contestmainsite"]; $param['username'] = '******' . trim($x[0]); $param['usericpcid'] = trim($x[0]); $param['usernumber'] = trim($x[0]); $param['userfull'] = 'Site connection'; $param['userdesc'] = ''; $param['type'] = 'site'; $param['enabled'] = 't'; $param['multilogin'] = '******'; $userlist[$param['username']] = randstr(10); $param['pass'] = myhash($userlist[$param['username']]); DBNewUser($param); } } } } MSGError($oklines . ' sites included/updated successfully'); if (count($userlist) > 0) { ?> <center> <br><u><b>TAKE NOTE OF THE USERS AND PASSWORDS AND KEEP THEM SECRET</b></u><br><br> <table border=1> <tr> <td><b>Username</b></td> <td><b>Password</b></td> </tr>
} $tasks = explode(",", $siteinfo['sitetasking']); if (count($tasks) == 0 || count($tasks) == 1 && !is_numeric($tasks[0])) { $tasks = array($fromsite); } } else { echo "<!-- <ERROR9> " . session_id() . " " . session_id() . " -->\n"; exit; } if (isset($_POST) && isset($_POST['xml'])) { // $fp=fopen('/tmp/aaa',"w"); fwrite($fp,$_POST['xml']); fclose($fp); $s = decryptData(rawurldecode($_POST['xml']), myhash($_SESSION["usertable"]["userpassword"])); // $fp=fopen('/tmp/aaa1',"w"); fwrite($fp,$s); fclose($fp); $ac = array(); $ac['SITEREC'] = array('site' => $fromsite, 'sitenumber' => 0, 'number' => 0, 'sitename' => 0, 'siteip' => 0, 'siteduration' => 0, 'sitelastmileanswer' => 0, 'sitelastmilescore' => 0, 'siteautoend' => 0, 'siteactive' => 0, 'sitescorelevel' => 0, 'sitepermitlogins' => 0, 'siteautojudge' => 0, 'sitenextuser' => 0, 'sitenextclar' => 0, 'sitenextrun' => 0, 'sitenexttask' => 0, 'sitemaxtask' => 0, 'sitechiefname' => 0, 'updatetime' => 0); $ac['SITETIME'] = array('site' => $fromsite, 'number' => 0, 'start' => 0, 'enddate' => 0, 'updatetime' => 0); $ac['USERREC'] = array('site' => $fromsite, 'user' => 0, 'number' => 0, 'username' => 0, 'usericpcid' => 0, 'userfull' => 0, 'userdesc' => 0, 'type' => 0, 'enabled' => 0, 'multilogin' => 0, 'userip' => 0, 'userlastlogin' => 0, 'userlastlogout' => 0, 'permitip' => 0, 'updatetime' => 0); $ac['CLARREC'] = array('site' => $judges, 'user' => 0, 'number' => 0, 'problem' => 0, 'question' => 0, 'clarnumber' => 0, 'clardate' => 0, 'clardatediff' => 0, 'clardatediffans' => 0, 'claranswer' => 0, 'clarstatus' => 0, 'clarjudge' => 0, 'clarjudgesite' => 0, 'updatetime' => 0); $ac['RUNREC'] = array('site' => $judges, 'user' => 0, 'number' => 0, 'runnumber' => 0, 'problem' => 0, 'lang' => 0, 'filename' => 0, 'filepath' => 0, 'rundate' => 0, 'rundatediff' => 0, 'rundatediffans' => 0, 'runanswer' => 0, 'runstatus' => 0, 'runjudge' => 0, 'runjudgesite' => 0, 'runjudge1' => 0, 'runjudgesite1' => 0, 'runanswer1' => 0, 'runjudge2' => 
0, 'runjudgesite2' => 0, 'runanswer2' => 0, 'autoip' => 0, 'autobegindate' => 0, 'autoenddate' => 0, 'autoanswer' => 0, 'autostdout' => 0, 'autostderr' => 0, 'updatetime' => 0); $ac['TASKREC'] = array('site' => $tasks, 'user' => 0, 'desc' => 0, 'number' => 0, 'tasknumber' => 0, 'color' => 0, 'colorname' => 0, 'updatetime' => 0, 'filename' => 0, 'filepath' => 0, 'sys' => 0, 'status' => 0, 'taskdate' => 0, 'taskdatediff' => 0, 'taskdatediffans' => 0, 'taskstaffnumber' => 0, 'taskstaffsite' => 0); if (importFromXML($s, $ac, $_SESSION["usertable"]["contestnumber"])) { echo "<!-- <OK> -->"; } else { echo "<!-- <NOTOK> -->"; } } $xml = generateXML($_SESSION["usertable"]["contestnumber"], 0, $scores); echo encryptData($xml, myhash($_SESSION["usertable"]["userpassword"])); } else { echo "<!-- <ERROR3> " . session_id() . " " . session_id() . " -->\n"; }
ForceLoad($runteam); } $ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath'); $ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus', 'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr', 'updatetime'); $param = array('contest' => $_SESSION["usertable"]["contestnumber"], 'site' => $_SESSION["usertable"]["usersitenumber"], 'user' => $_SESSION["usertable"]["usernumber"], 'problem' => $prob, 'lang' => $lang, 'filename' => $name, 'filepath' => $temp); if (isset($_POST['pastcode']) && $_POST['pastcode'] != '') { $pastcode = myhtmlspecialchars($_POST["pastcode"]); if (isset($_POST["pasthash"]) && isset($_POST["pastval"])) { $pasthash = myhtmlspecialchars($_POST["pasthash"]); $pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]); $pastval = myhtmlspecialchars($_POST["pastval"]); $pastabs = myhtmlspecialchars($_POST["pastabs"]); if (is_readable($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) { $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval); if ($pastsubmission != $pastvalhash) { $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastabs); if ($pastsubmission != $pasthash) { echo "\nRESULT: INVALID SUBMISSION CODE"; exit; } } } else { $pastval = 0; } } else { $pastval = 0; } $verify = $pastcode . '-' . $name . '-' . $_SESSION["usertable"]["contestnumber"] . '-' . $_SESSION["usertable"]["usersitenumber"] . '-' . $_SESSION["usertable"]["usernumber"]; $fcname = $_SESSION["locr"] . $ds . "private" . $ds . 'laterun-submitted-' . $_SESSION["usertable"]["contestnumber"] . '-' . $_SESSION["usertable"]["usersitenumber"] . '-' . $_SESSION["usertable"]["usernumber"] . 
'.txt'; $codes = @file($fcname, FILE_IGNORE_NEW_LINES); if (in_array($verify, $codes)) {
echo "<script>window.close();</script></html>"; exit; } if (!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"]) || !isset($_GET["check"]) || $_GET["check"] == "") { echo "<html><head><title>View Page</title>"; IntrusionNotify("Bad parameters in filewindow.php"); echo "<script>window.close();</script></html>"; exit; } $cf = globalconf(); $fname = decryptData(rawurldecode($_GET["filename"]), session_id() . $cf["key"]); $msg = ''; if (isset($_GET["msg"])) { $msg = rawurldecode($_GET["msg"]); } $p = myhash($_GET["oid"] . $fname . $msg . session_id() . $cf["key"]); if ($p != $_GET["check"]) { echo "<html><head><title>View Page</title>"; IntrusionNotify("Parameters modified in filewindow.php"); echo "<script>window.close();</script></html>"; exit; } require_once "db.php"; if ($_GET["oid"] >= 0) { $c = DBConnect(); DBExec($c, "begin work"); if (($lo = DB_lo_open($c, $_GET["oid"], "r")) === false) { echo "<html><head><title>View Page</title>"; DBExec($c, "rollback work"); LOGError("Unable to download file (" . basename($fname) . ")"); MSGError("Unable to download file (" . basename($fname) . ")");
$param['userfull'] = trim($tmp[1]); break; case "userdesc": $param['userdesc'] = trim($tmp[1]); break; case "usertype": $param['type'] = trim($tmp[1]); break; case "userenabled": $param['enabled'] = trim($tmp[1]); break; case "usermultilogin": $param['multilogin'] = trim($tmp[1]); break; case "userpassword": $param['pass'] = myhash(trim($tmp[1])); break; case "userchangepassword": $param['changepass'] = trim($tmp[1]); break; case "userip": $param['permitip'] = trim($tmp[1]); break; } $i++; if ($i >= count($ar)) { break; } $x = trim($ar[$i]); } $param['contest'] = $_SESSION["usertable"]["contestnumber"];
/**
 * Exchange contest data with the main site's /site/get.php endpoint.
 *
 * The main-site URL is read from contesttable (contestmainsiteurl) for the contest in
 * $_SESSION. Three request shapes are used:
 *  - $sess is empty: a plain GET to obtain a session marker;
 *  - $pass == $pass2: a GET carrying the session cookie and credentials in the query
 *    string (part of that expression is masked as '******' in this listing);
 *  - otherwise: a POST carrying the locally generated XML encrypted with myhash($pass2),
 *    plus name, password and check = myhash($pass . $pass2).
 * The reply is split on spaces and tabs. Tokens before the first <SESSION..., <ERROR...,
 * <OK> or <NOTOK> marker are echoed; the token after an <OK>/<NOTOK> marker is decrypted
 * with myhash($pass2) when $pass2 is not empty and must start with "<XML>".
 *
 * @param string $username Name sent to the main site.
 * @param string $sess     Remote PHPSESSID, or '' to request one.
 * @param string $pass     Value sent as `password`.
 * @param string $pass2    Secret used for the check value and as the encryption key input.
 * @return array array(true, xml, marker) on success; array(false, id, extra) otherwise.
 *               The failed-DBConnect() path returns only two elements.
 *
 * NOTE(review): any URL that does not start with 'http://' gets that prefix, so an
 * 'https://' address turns into 'http://https://...' and TLS cannot be used. The session
 * cookie and the password parameter therefore travel in clear text.
 * NOTE(review): in the GET branch $username is appended to the URL without urlencode(),
 * and the session id is placed in a Cookie header unfiltered; confirm neither can contain
 * '&', whitespace or CR/LF.
 * NOTE(review): the remote reply is echoed to the local output unescaped.
 * NOTE(review): $contest from the session is interpolated into the SQL statement.
 * NOTE(review): `exit` is called directly when the contest row is missing.
 */
function getMainXML($username, $sess, $pass, $pass2) { $c = DBConnect(); if ($c == null) { return array(false, ""); } $contest = $_SESSION["usertable"]["contestnumber"]; $r = DBExec($c, "select * from contesttable where contestnumber={$contest}"); if (DBnLines($r) == 0) { echo "Unable to find the contest {$contest} in the database.\n"; exit; } $ct = DBRow($r, 0); $localsite = $ct["contestlocalsite"]; $mainsite = $ct["contestmainsite"]; $siteurl = $ct['contestmainsiteurl'] . '/site/get.php'; // if ($mainsite==$localsite) return array(true,""); /* $r = DBExec($c, "select * from sitetable where sitenumber=".$mainsite." and contestnumber=$contest"); if (DBnLines($r)==0) { echo "Unable to find the main site in the database (site=$mainsite, contest=$contest).\n"; exit; } $st = DBRow($r,0); $siteurl = $st["siteip"] . '/site/get.php'; */ if (substr($siteurl, 0, 7) != 'http://') { $siteurl = 'http://' . $siteurl; } if ($sess == '') { // MSGError('session empty'); $s = file_get_contents($siteurl); if ($s === false) { return array(false, '', ''); } // MSGError($s); $t = strtok($s, " \t"); while ($t !== false && substr($t, 0, 8) != '<SESSION' && substr($t, 0, 6) != '<ERROR' && $t != '<OK>' && $t != '<NOTOK>') { echo $t . " "; $t = strtok(" \t"); } if ($t === false) { return array(false, '', ''); } echo $t . " -->\n"; if (substr($t, 0, 8) == '<SESSION') { $id = strtok(" \t"); return array(false, $id, $id); } else { return array(false, '', ''); } } if ($pass == $pass2) { // MSGError('equal'); $opts = array('http' => array('method' => 'GET', 'header' => 'Cookie: PHPSESSID=' . $sess)); $context = stream_context_create($opts); $s = file_get_contents($siteurl . '?name=' . $username . '&password='******'&check=nocheck', 0, $context); } else { $data = encryptData(generateXML($contest), myhash($pass2)); $data_url = http_build_query(array('xml' => $data, 'name' => $username, 'password' => $pass, 'check' => myhash($pass . 
$pass2))); $opts = array('http' => array('method' => 'POST', 'header' => 'Cookie: PHPSESSID=' . $sess . "\r\nContent-Type: application/x-www-form-urlencoded", 'content' => $data_url)); $context = stream_context_create($opts); $s = file_get_contents($siteurl, 0, $context); } if ($s === false) { return array(false, "", ''); } // MSGError('OPA1: ' . $s); $t = strtok($s, " \t"); while ($t !== false && substr($t, 0, 8) != '<SESSION' && substr($t, 0, 6) != '<ERROR' && $t != '<OK>' && $t != '<NOTOK>') { echo $t . " "; $t = strtok(" \t"); } if ($t === false) { return array(false, '', ''); } echo $t . " -->\n"; if (substr($t, 0, 6) == "<ERROR") { $id = strtok(" \t"); if ($id === false) { return array(false, '', ''); } return array(false, $id, ""); } if (substr($t, 0, 8) == "<SESSION") { $id = strtok(" \t"); if ($id === false) { return array(false, '', ''); } $idextra = strtok(" \t"); if ($idextra === false) { return array(false, '', ''); } // MSGError("id=$id idextra=$idextra"); return array(false, $id, $idextra); } $id = strtok(" \t"); if ($id === false) { return array(false, '', ''); } //MSGError('OPA2: ' . $s); if ($pass2 != '') { $s = decryptData($id, myhash($pass2)); } if (strtoupper(substr($s, 0, 5)) != "<XML>") { return array(false, '', $t); } return array(true, $s, $t); }
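<?php
include "./db_conn.php";

// The request body is a JSON array; indexes 2 and 3 are the two values that get hashed
// and are then handed to update_userpass() with the rest of the array.
$input = json_decode(file_get_contents("php://input"), true);

// The body is attacker-controlled. Reject anything that is not an array with scalar
// values at indexes 2 and 3 before calling strlen(): invalid JSON decodes to null, and
// a nested array or object in those slots would otherwise raise a TypeError on PHP 8.
if (!is_array($input)
    || !isset($input[2], $input[3])
    || !is_scalar($input[2])
    || !is_scalar($input[3])
) {
    die("minleng err");
}
$input[2] = (string) $input[2];
$input[3] = (string) $input[3];

if (strlen($input[2]) < 6) {
    die("minleng err");
}
if (strlen($input[3]) < 6) {
    die("minleng err");
}

// Fixed one-second delay on every request, kept from the original.
sleep(1);

$input[2] = myhash($input[2]);
$input[3] = myhash($input[3]);

if (update_userpass($input)) {
    die("success");
} else {
    die("authenticate failed..");
}

/**
 * Hash a value with the global $salt prepended.
 *
 * NOTE(review): MD5 with a single shared salt is not suitable for storing passwords.
 * password_hash() / password_verify() are the standard replacement; it is not swapped
 * in here because the digests already stored would stop matching without a migration.
 *
 * @param string $v Value to hash.
 * @return string 32-character hex MD5 digest of $salt . $v.
 */
function myhash($v)
{
    global $salt;
    return md5($salt . $v);
}

/**
 * Fetch the users row for a user id.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. The value is escaped and
 * quoted here, but a prepared statement through mysqli or PDO is the durable fix.
 *
 * @param string $userid User id to look up.
 * @return array|false Numerically indexed row, or false when no row matches.
 */
function get_userdata($userid)
{
    $userid = mysql_real_escape_string($userid);
    $result = mysql_query("select * from users where userid = '{$userid}'");
    $row = mysql_fetch_row($result);
    return $row;
}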