function decryptData($crypttext, $key, $txt = '')
{
$crypttext = base64_decode($crypttext);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$test1 = '';
$test2 = 'x';
$clen = strlen($crypttext);
if ($clen > $iv_size) {
$iv = substr($crypttext, $clen - $iv_size, $iv_size);
$crypttext = substr($crypttext, 0, $clen - $iv_size);
$key = myhash($key . "123456789012345678901234567890");
// . myhash($key);
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, substr(pack("H*", $key), 0, 32), $crypttext, MCRYPT_MODE_CBC, $iv);
$pos = strrpos($decrypttext, "#");
$iscompressed = false;
if (substr($decrypttext, $pos - 1, 1) == '@') {
$iscompressed = true;
}
$ll = strlen(myshorthash("x"));
$test2 = substr($decrypttext, $pos - 1 - $ll, $ll);
$decrypttext = substr($decrypttext, 0, $pos - 1 - $ll);
$test1 = myshorthash($decrypttext);
}
if ($test1 != $test2) {
if ($txt == '') {
MSGError("Decryption error -- contact an admin now (" . getFunctionName() . ")");
}
// LogError("Decryption error -- contact an admin, possibly password wrong (" . getFunctionName() .",$txt)");
return "";
}
if ($iscompressed) {
return unzipstr($decrypttext);
}
return $decrypttext;
}
function filedownload($oid, $fname, $msg = '')
{
$cf = globalconf();
$if = rawurlencode(encryptData($fname, session_id() . $cf['key'], false));
$p = myhash($oid . $fname . $msg . session_id() . $cf["key"]);
$str = "oid=" . $oid . "&filename=" . $if . "&check=" . $p;
if ($msg != '') {
$str .= "&msg=" . rawurlencode($msg);
}
return $str;
}
function DisplayVotingForm()
{
?>
<form action="/voting.php">
My first choice is:
<input type=radio name="choice1" VALUE="A">A
<input type=radio name="choice1" VALUE="B">B
<input type=radio name="choice1" VALUE="C">C
<hr>
My second choice is:
<input type=radio name="choice2" VALUE="A">A
<input type=radio name="choice2" VALUE="B">B
<input type=radio name="choice2" VALUE="C">C
<hr>
My third choice is:
<input type=radio name="choice3" VALUE="A">A
<input type=radio name="choice3" VALUE="B">B
<input type=radio name="choice3" VALUE="C">C
<INPUT TYPE=hidden name="hash" VALUE="<?php
global $User;
echo myhash($User->id);
?>
">
<hr>
<INPUT TYPE=SUBMIT VALUE="submit">
</form>
<?php
}
function userSettings($user, $email = null, $addr = null, $pass = null, $twofa = null)
{
global $fld_sep;
$tmo = false;
$flds = array('username' => $user);
if ($email != null) {
$flds['email'] = $email;
}
if ($addr != null) {
$rows = count($addr);
$i = 0;
foreach ($addr as $ar) {
$flds['address:' . $i] = $ar['addr'];
// optional - missing = blank
if (isset($ar['payname'])) {
$flds['payname:' . $i] = str_replace($fld_sep, ' ', trim($ar['payname']));
}
// optional - missing = use default
if (isset($ar['ratio'])) {
$flds['ratio:' . $i] = $ar['ratio'];
}
$i++;
}
$flds['rows'] = $rows;
$tmo = 3;
# 3x the timeout
}
if ($pass != null) {
$flds['passwordhash'] = myhash($pass);
if (nuem($twofa)) {
$twofa = 0;
}
$flds['2fa'] = $twofa;
}
$msg = msgEncode('usersettings', 'userset', $flds, $user);
$rep = sendsockreply('userSettings', $msg, $tmo);
if (!$rep) {
dbdown();
}
return repDecode($rep);
}
function DBLogInContest($name, $pass, $contest, $msg = true)
{
$b = DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)");
if ($b == null) {
LOGLevel("There is no contest {$contest}.", 0);
if ($msg) {
MSGError("There is no contest {$contest}, contact an admin.");
}
return false;
}
$d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false);
if ($d == null) {
if ($msg) {
MSGError("There is no active site, contact an admin.");
}
return false;
}
$a = DBGetRow("select * from usertable where username='******' and contestnumber=" . $b["contestnumber"] . " and " . "usersitenumber=" . $b["contestlocalsite"], 0, null, "DBLogIn(get user)");
if ($a == null) {
if ($msg) {
LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2);
MSGError("User does not exist or incorrect password.");
}
return false;
}
$a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false);
$_SESSION['usertable'] = $a;
$p = myhash($a["userpassword"] . session_id());
$_SESSION['usertable']['userpassword'] = $p;
if ($a["userpassword"] != "" && $p != $pass) {
LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2);
if ($msg) {
MSGError("Incorrect password.");
}
unset($_SESSION["usertable"]);
return false;
}
if ($d["sitepermitlogins"] == "f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") {
LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2);
if ($msg) {
MSGError("Logins are not allowed.");
}
unset($_SESSION["usertable"]);
return false;
}
if ($a["userenabled"] != "t") {
LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2);
if ($msg) {
MSGError("User disabled.");
}
unset($_SESSION["usertable"]);
return false;
}
$gip = getIP();
if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") {
LOGLevel("User {$name} is using two different IPs: " . $a["userip"] . "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1);
if ($msg && $a["usertype"] != "admin") {
MSGError("You are using two distinct IPs. Admin notified.");
}
}
if ($a["userpermitip"] != "") {
$ips = explode(';', $a["userpermitip"]);
$gips = explode(';', $gip);
if (count($gips) < count($ips)) {
IntrusionNotify("Invalid IP: " . $gip);
ForceLoad("index.php");
}
for ($ipss = 0; $ipss < count($ips); $ipss++) {
$gipi = $gips[$ipss];
$ipi = $ips[$ipss];
if (!match_network($ipi, $gipi)) {
IntrusionNotify("Invalid IP: " . $gip);
ForceLoad("index.php");
}
}
}
$c = DBConnect();
$t = time();
if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") {
$r = DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "'," . "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update session)");
} else {
DBExec($c, "begin work");
$sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"] . " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")";
DBExec($c, $sql);
DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, " . "usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update user)");
if ($name == 'admin') {
list($clockstr, $clocktime) = siteclock();
if ($clocktime < -600) {
DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)");
}
}
DBExec($c, "commit work");
}
LOGLevel("User {$name} authenticated (" . $gip . ")", 2);
return $a;
}
exit;
}
if (!isset($getx['check'])) {
ob_end_flush();
echo "<!-- <ERROR2> " . session_id() . " " . session_id() . " -->\n";
exit;
}
} else {
ob_end_flush();
LogLevel("Init connection by IP " . getIP(), 2);
echo "<!-- <SESSION1> " . session_id() . " " . session_id() . " -->\n";
exit;
}
}
if (!ValidSession()) {
ob_end_flush();
InvalidSession("site/index.php");
ForceLoad("../index.php");
exit;
}
if (isset($getx['check']) && isset($getx["password"]) && $getx['check'] != myhash($getx["password"] . $_SESSION['usertable']['userpassword'])) {
ob_end_flush();
echo "<!-- <SESSION2> " . session_id() . " " . $_SESSION['usertable']['usersessionextra'] . " -->\n";
exit;
}
if ($_SESSION["usertable"]["usertype"] != "site") {
ob_end_flush();
IntrusionNotify("site/index.php");
ForceLoad("../index.php");
exit;
}
require 'db_constants.php';
require 'db_inc.php';
function myhash($password, $unique_salt)
{
$hash = sha1($unique_salt . $password);
for ($i = 0; $i < 1000; $i++) {
$hash = sha1($hash);
}
return $hash;
}
if (isset($_POST['submit'])) {
$error = 0;
$pass1 = trim($_POST['cpassword']);
$pass2 = trim($_POST['npassword']);
$pass3 = trim($_POST['napassword']);
$sql = 'select password,unique_salt from login where username="******"';
$result = mysqli_query($db, $sql) or die(mysqli_error($db));
$row = mysqli_fetch_assoc($result);
$password = sha1($pass1);
$unique_salt = $row['unique_salt'];
$hash = myhash($password, $unique_salt);
if ($hash == $row['password'] && $pass2 == $pass3) {
$newpassword = myhash(sha1($pass2), $row['unique_salt']);
$sql = 'UPDATE login set password="******" where username="******"';
mysqli_query($db, $sql) or die(mysqli_error($db));
$error = 0;
} else {
$error = 1;
}
}
require 'change_pass.html';
function register()
{
$nickname = z(v('nickname'));
$email = z(v('email'));
$psw1 = z(v('psw1'));
$psw2 = z(v('psw2'));
$icode = z(v('icode'));
if (!$nickname || !$email || !$psw1) {
die('<center style="font-size:12px;">用户名,E-mail,密码不能为空</center>');
}
if ($psw1 != $psw2) {
die('<center style="font-size:12px;">2次密码输入不一致</center>');
}
$psw = $psw1;
$this->load->model('User_model', 'user', TRUE);
$invite = $this->user->check_invite_code($icode);
if (!$invite) {
die('<center style="font-size:12px;">邀请函防伪码已经使用过了</center>');
}
if (!$this->user->register_save($email, $nickname, $psw)) {
die('<center style="font-size:12px;">用户名或者email已被占用</center>');
}
$this->user->marked_invite_code($invite['id']);
$user_info = $this->user->get_user_by_email($email);
$title = '<a href="/user/space/' . $user_info['id'] . '">' . $user_info['u2_nickname'] . '</a>加入了' . c('site_name');
send_to_feed($user_info['id'], 'system_user', $title);
$invuid = $invite['u2_uid'];
if ($invuid && ($olduser = $this->user->load_user_information_by_uid($invuid))) {
$this->user->add_friend($invuid, $user_info['id']);
$title = '<a href="/user/space/' . $user_info['id'] . '">' . $user_info['u2_nickname'] . '</a>和<a href="/user/space/' . $olduser['id'] . '">' . $olduser['u2_nickname'] . '</a>成为好友了';
send_to_feed($user_info['id'], 'system_user', $title);
}
$new_one = array();
$new_one['u2_first_time'] = 1;
$new_one['u2_inviter_uid'] = $olduser['id'];
$new_one['u2_inviter_nickname'] = $olduser['u2_nickname'];
$this->user->login_confirm($email, $psw, $new_one);
if (isset($_FILES['picfile']['size']) && $_FILES['picfile']['size'] > 0) {
make_user_icon_dir();
$this->load->library('icon');
$this->icon->path = $_FILES['picfile']['tmp_name'];
$this->icon->size = 16;
$this->icon->dest = get_user_icon_path('small');
$this->icon->createIcon();
$this->icon->size = 48;
$this->icon->dest = get_user_icon_path();
$this->icon->createIcon();
$this->icon->size = 100;
$this->icon->dest = get_user_icon_path('big');
$this->icon->createIcon();
$time = time();
$source_image = ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '.gif';
copy(get_user_icon_path('small'), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_small.gif');
copy(get_user_icon_path(), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_normal.gif');
copy(get_user_icon_path('big'), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_big.gif');
move_uploaded_file($_FILES['picfile']['tmp_name'], $source_image);
$this->user->add_user_upload_pic($time);
$title = '<a href="/user/space/' . format_uid() . '">' . _sess('u2_nickname') . '</a>更换了新头像';
send_to_feed(format_uid(), 'system_user', $title, NULL, show_user_icon());
}
$uid = $user_info['id'];
$place = $uid + 10000;
// add the inviter's info
//set_cookie( 'x123' , 'er' );
// add money to user bank account
// add money
$sql = "INSERT INTO `app_ibank_account` ( `uid` , `g_count` , `gold_count` ) VALUES ( '" . $uid . "' , '" . intval(c('user_init_silver')) . "' , '" . intval(c('user_init_gold')) . "' ) ";
lazy_run_sql($sql);
// add cloth
$sql = "INSERT INTO `app_ihome_shop` ( `uid` , `item_id` ) VALUES ( '" . $uid . "' , '844' ) , ( '" . $uid . "' , '879' )";
lazy_run_sql($sql);
// add money to inviter
$sql = "UPDATE `app_ibank_account` SET `g_count` = `g_count` + " . intval(c('user_invite_g')) . " WHERE `uid` = '" . intval($olduser['id']) . "' LIMIT 1 ";
lazy_run_sql($sql);
// header("Content-type: text/xml; charset=$charset");
header("Content-type: text/html;charset=utf-8");
echo '<SCRIPT LANGUAGE="JavaScript">window.parent.$("id_icon").setHTML(\'<img src="' . show_user_icon('', $user_info['id']) . '" class="icon"/><br/>' . $nickname . '\');window.parent.$("id_info").setHTML(\'NO. ' . $uid . '<br/>仙豆王国居民东区' . $place . '#\');</SCRIPT>';
echo '<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body><center style="font-size:12px;"><a href="/user/miniblog/" target="_parent">申请成功,赶快到你的小屋去看看吧</a></center></body></html>';
}
function DBNewUser($param, $c = null)
{
if (isset($param['contestnumber']) && !isset($param['contest'])) {
$param['contest'] = $param['contestnumber'];
}
if (isset($param['sitenumber']) && !isset($param['site'])) {
$param['site'] = $param['sitenumber'];
}
if (isset($param['usernumber']) && !isset($param['user'])) {
$param['user'] = $param['usernumber'];
}
if (isset($param['number']) && !isset($param['user'])) {
$param['user'] = $param['number'];
}
$ac = array('contest', 'site', 'user');
$ac1 = array('updatetime', 'username', 'usericpcid', 'userfull', 'userdesc', 'type', 'enabled', 'multilogin', 'pass', 'permitip', 'changepass', 'userip', 'userlastlogin', 'userlastlogout', 'usersession', 'usersessionextra');
$typei['contest'] = 1;
$typei['updatetime'] = 1;
$typei['site'] = 1;
$typei['user'] = 1;
foreach ($ac as $key) {
if (!isset($param[$key]) || $param[$key] == "") {
MSGError("DBNewUser param error: {$key} not found");
return false;
}
if (isset($typei[$key]) && !is_numeric($param[$key])) {
MSGError("DBNewUser param error: {$key} is not numeric");
return false;
}
${$key} = sanitizeText($param[$key]);
}
$username = "******" . $user;
$updatetime = -1;
$pass = null;
$usericpcid = '';
$userfull = '';
$userdesc = '';
$type = 'team';
$enabled = 'f';
$changepass = '******';
$multilogin = '******';
$permitip = '';
$usersession = null;
$usersessionextra = null;
$userip = null;
$userlastlogin = null;
$userlastlogout = null;
foreach ($ac1 as $key) {
if (isset($param[$key])) {
${$key} = sanitizeText($param[$key]);
if (isset($typei[$key]) && !is_numeric($param[$key])) {
MSGError("DBNewUser param error: {$key} is not numeric");
return false;
}
}
}
$t = time();
if ($updatetime <= 0) {
$updatetime = $t;
}
if ($type != "chief" && $type != "judge" && $type != "admin" && $type != "score" && $type != "staff" && $type != "site") {
$type = "team";
}
if ($type == "admin") {
$changepass = "******";
}
if ($enabled != "f") {
$enabled = "t";
}
if ($multilogin != "t") {
$multilogin = "******";
}
if ($changepass != "t") {
$changepass = "******";
}
$cw = false;
if ($c == null) {
$cw = true;
$c = DBConnect();
DBExec($c, "begin work", "DBNewUser(begin)");
}
DBExec($c, "lock table usertable", "DBNewUser(lock)");
$r = DBExec($c, "select * from sitetable where sitenumber={$site} and contestnumber={$contest}", "DBNewUser(get site)");
$n = DBnlines($r);
if ($n == 0) {
DBExec($c, "rollback work", "DBNewUser(no-site)");
MSGError("DBNewUser param error: site {$site} does not exist");
return false;
}
if ($pass != myhash("") && $type != "admin" && $changepass != "t") {
$pass = '******' . $pass;
}
$r = DBExec($c, "select * from usertable where username='******' and usernumber!={$user} and " . "usersitenumber={$site} and contestnumber={$contest}", "DBNewUser(get user)");
$n = DBnlines($r);
$ret = 1;
if ($n == 0) {
$sql = "select * from usertable where usernumber={$user} and usersitenumber={$site} and " . "contestnumber={$contest}";
$a = DBGetRow($sql, 0, $c);
if ($a == null) {
$ret = 2;
$sql = "select * from sitetable where sitenumber={$site} and contestnumber={$contest}";
$aa = DBGetRow($sql, 0);
if ($aa == null) {
DBExec($c, "rollback work");
MSGError("Site {$site} does not exist");
return false;
}
$sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " . "userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " . "({$contest}, {$site}, {$user}, '{$username}', '{$usericpcid}', '{$userfull}', '{$userdesc}', '{$type}', '{$enabled}', " . "'{$multilogin}', '{$pass}', '{$permitip}')";
DBExec($c, $sql, "DBNewUser(insert)");
if ($cw) {
DBExec($c, "commit work");
}
LOGLevel("User {$user} (site={$site},contest={$contest}) included.", 2);
} else {
if ($updatetime > $a['updatetime']) {
$ret = 2;
$sql = "update usertable set username='******', usericpcid='{$usericpcid}', userdesc='{$userdesc}', updatetime={$updatetime}, " . "userfullname='{$userfull}', usertype='{$type}', userpermitip='{$permitip}', ";
if ($pass != null && $pass != myhash("")) {
$sql .= "userpassword='******', ";
}
if ($usersession != null) {
$sql .= "usersession='{$usersession}', ";
}
if ($usersessionextra != null) {
$sql .= "usersessionextra='{$usersessionextra}', ";
}
if ($userip != null) {
$sql .= "userip='{$userip}', ";
}
if ($userlastlogin != null) {
$sql .= "userlastlogin='******', ";
}
if ($userlastlogout != null) {
$sql .= "userlastlogout='{$userlastlogout}', ";
}
$sql .= "userenabled='{$enabled}', usermultilogin='******'";
$sql .= " where usernumber={$user} and usersitenumber={$site} and contestnumber={$contest}";
$r = DBExec($c, $sql, "DBNewUser(update)");
if ($cw) {
DBExec($c, "commit work");
}
LOGLevel("User {$user} (username={$username},site={$site},contest={$contest}) updated.", 2);
}
}
} else {
DBExec($c, "rollback work");
LOGLevel("Update problem for user {$user} (site={$site},contest={$contest}) (maybe username already in use).", 1);
MSGError("Update problem for user {$user}, site {$site} (maybe username already in use).");
return false;
}
return $ret;
}
function get_user_old_url($item)
{
return '/static/data/hash/user_icon/' . myhash($item['u2_uid']) . $item['u2_pic_name'] . '_normal.gif';
}
<?php
/*
$Id: hash.php,v 1.1 2004/02/16 14:35:19 tim Exp $
http://www.bagley.org/~doug/shootout/
*/
$n = $argc == 2 ? $argv[1] : 100000;
myhash($n);
function myhash($n)
{
for ($i = 1; $i <= $n; $i++) {
$X[dechex($i)] = $i;
}
for ($i = $n; $i > 0; $i--) {
if ($X[$i]) {
$c++;
}
}
print "{$c}\n";
}
$fb_url = $_POST['fb_url'];
}
if (!($_POST['grade'] >= 9 and $_POST['grade'] <= 12)) {
$errors[] = 'You must enter your grade.';
$validation = false;
} else {
$grade = $_POST['grade'];
}
if (empty($_POST['whole_schedule_perm']) && $_POST['whole_schedule_perm'] !== '0') {
$errors[] = 'You must choose whether you want to allow members to view your entire schedule or not.';
$validation = false;
} else {
$whole_schedule_perm = $_POST['whole_schedule_perm'];
}
if ($validation) {
$sql = sprintf_escape("SELECT user_id, email, pass FROM " . TABLE_PREFIX . "users WHERE email='%s' AND pass='******';", $email, myhash($current_password));
$result = mysql_query($sql) or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);
if (mysql_num_rows($result) !== 1 && !empty($_POST['current_password'])) {
$errors[] = 'The current password is wrong. Unable to change password.';
$display_form = true;
} else {
$sql = sprintf_escape("UPDATE " . TABLE_PREFIX . "users SET pass='******', fb_url='%s', grade=%u, whole_schedule_perm=%u WHERE user_id='%u' LIMIT 1", $password, $fb_url, $grade, $whole_schedule_perm, $_SESSION['user_id']);
$result = mysql_query($sql) or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);
?>
<p class="info_notice fadeout">User data updated.<a href="#" class="js closebutton imagelink" ><img src="/images/x.png" /></a></p>
<?php
if (isset($_COOKIE['sched_user'])) {
// user is using 'remember me' feature
// update cookie with new information so that it is still valid
$domain = $_SERVER['HTTP_HOST'] != 'localhost' ? $config['basedomain'] : false;
setcookie("sched_user", $_SESSION['user_id'] . ',' . $password . ',' . md5(md5($_SERVER['HTTP_USER_AGENT']) . SALT), time() + 60 * 60 * 24 * 100, '/', $domain, 0, 0);
function uploadpic($action = NULL)
{
$this->login_check();
$data = NULL;
if ($action == 'save') {
if (isset($_FILES['picfile']['size']) && $_FILES['picfile']['size'] > 0) {
make_user_icon_dir();
$this->load->library('icon');
$this->icon->path = $_FILES['picfile']['tmp_name'];
$this->icon->size = 16;
$this->icon->dest = get_user_icon_path('small');
$this->icon->createIcon();
$this->icon->size = 48;
$this->icon->dest = get_user_icon_path();
$this->icon->createIcon();
$this->icon->size = 100;
$this->icon->dest = get_user_icon_path('big');
$this->icon->createIcon();
$time = time();
$source_image = ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '.gif';
copy(get_user_icon_path('small'), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_small.gif');
copy(get_user_icon_path(), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_normal.gif');
copy(get_user_icon_path('big'), ROOT . 'static/data/hash/user_icon/' . myhash() . $time . '_big.gif');
move_uploaded_file($_FILES['picfile']['tmp_name'], $source_image);
$this->user->add_user_upload_pic($time);
$title = '<a href="/user/space/' . format_uid() . '">' . _sess('u2_nickname') . '</a>更换了新头像';
send_to_feed(format_uid(), 'system_user', $title, NULL, show_user_icon());
info_page('<a href="/user/space">' . _text('user_uploadpic_success') . '</a>');
return;
}
info_page(_text('user_error_uploadpic'));
return;
}
$data['pics'] = $this->user->load_user_photos_by_uid();
$this->view('uploadpic', $data);
}
if ($_SESSION["usertable"]["usersitenumber"] == $param['sitenumber'] || $main) {
if (DBNewSite($param['contest'], null, $param)) {
$oklines++;
$param = array();
$param['contest'] = $_SESSION["usertable"]["contestnumber"];
$param['site'] = $ct["contestmainsite"];
$param['username'] = '******' . trim($x[0]);
$param['usericpcid'] = trim($x[0]);
$param['usernumber'] = trim($x[0]);
$param['userfull'] = 'Site connection';
$param['userdesc'] = '';
$param['type'] = 'site';
$param['enabled'] = 't';
$param['multilogin'] = '******';
$userlist[$param['username']] = randstr(10);
$param['pass'] = myhash($userlist[$param['username']]);
DBNewUser($param);
}
}
}
}
MSGError($oklines . ' sites included/updated successfully');
if (count($userlist) > 0) {
?>
<center>
<br><u><b>TAKE NOTE OF THE USERS AND PASSWORDS AND KEEP THEM SECRET</b></u><br><br>
<table border=1>
<tr>
<td><b>Username</b></td>
<td><b>Password</b></td>
</tr>
}
$tasks = explode(",", $siteinfo['sitetasking']);
if (count($tasks) == 0 || count($tasks) == 1 && !is_numeric($tasks[0])) {
$tasks = array($fromsite);
}
} else {
echo "<!-- <ERROR9> " . session_id() . " " . session_id() . " -->\n";
exit;
}
if (isset($_POST) && isset($_POST['xml'])) {
// $fp=fopen('/tmp/aaa',"w"); fwrite($fp,$_POST['xml']); fclose($fp);
$s = decryptData(rawurldecode($_POST['xml']), myhash($_SESSION["usertable"]["userpassword"]));
// $fp=fopen('/tmp/aaa1',"w"); fwrite($fp,$s); fclose($fp);
$ac = array();
$ac['SITEREC'] = array('site' => $fromsite, 'sitenumber' => 0, 'number' => 0, 'sitename' => 0, 'siteip' => 0, 'siteduration' => 0, 'sitelastmileanswer' => 0, 'sitelastmilescore' => 0, 'siteautoend' => 0, 'siteactive' => 0, 'sitescorelevel' => 0, 'sitepermitlogins' => 0, 'siteautojudge' => 0, 'sitenextuser' => 0, 'sitenextclar' => 0, 'sitenextrun' => 0, 'sitenexttask' => 0, 'sitemaxtask' => 0, 'sitechiefname' => 0, 'updatetime' => 0);
$ac['SITETIME'] = array('site' => $fromsite, 'number' => 0, 'start' => 0, 'enddate' => 0, 'updatetime' => 0);
$ac['USERREC'] = array('site' => $fromsite, 'user' => 0, 'number' => 0, 'username' => 0, 'usericpcid' => 0, 'userfull' => 0, 'userdesc' => 0, 'type' => 0, 'enabled' => 0, 'multilogin' => 0, 'userip' => 0, 'userlastlogin' => 0, 'userlastlogout' => 0, 'permitip' => 0, 'updatetime' => 0);
$ac['CLARREC'] = array('site' => $judges, 'user' => 0, 'number' => 0, 'problem' => 0, 'question' => 0, 'clarnumber' => 0, 'clardate' => 0, 'clardatediff' => 0, 'clardatediffans' => 0, 'claranswer' => 0, 'clarstatus' => 0, 'clarjudge' => 0, 'clarjudgesite' => 0, 'updatetime' => 0);
$ac['RUNREC'] = array('site' => $judges, 'user' => 0, 'number' => 0, 'runnumber' => 0, 'problem' => 0, 'lang' => 0, 'filename' => 0, 'filepath' => 0, 'rundate' => 0, 'rundatediff' => 0, 'rundatediffans' => 0, 'runanswer' => 0, 'runstatus' => 0, 'runjudge' => 0, 'runjudgesite' => 0, 'runjudge1' => 0, 'runjudgesite1' => 0, 'runanswer1' => 0, 'runjudge2' => 0, 'runjudgesite2' => 0, 'runanswer2' => 0, 'autoip' => 0, 'autobegindate' => 0, 'autoenddate' => 0, 'autoanswer' => 0, 'autostdout' => 0, 'autostderr' => 0, 'updatetime' => 0);
$ac['TASKREC'] = array('site' => $tasks, 'user' => 0, 'desc' => 0, 'number' => 0, 'tasknumber' => 0, 'color' => 0, 'colorname' => 0, 'updatetime' => 0, 'filename' => 0, 'filepath' => 0, 'sys' => 0, 'status' => 0, 'taskdate' => 0, 'taskdatediff' => 0, 'taskdatediffans' => 0, 'taskstaffnumber' => 0, 'taskstaffsite' => 0);
if (importFromXML($s, $ac, $_SESSION["usertable"]["contestnumber"])) {
echo "<!-- <OK> -->";
} else {
echo "<!-- <NOTOK> -->";
}
}
$xml = generateXML($_SESSION["usertable"]["contestnumber"], 0, $scores);
echo encryptData($xml, myhash($_SESSION["usertable"]["userpassword"]));
} else {
echo "<!-- <ERROR3> " . session_id() . " " . session_id() . " -->\n";
}
ForceLoad($runteam);
}
$ac = array('contest', 'site', 'user', 'problem', 'lang', 'filename', 'filepath');
$ac1 = array('runnumber', 'rundate', 'rundatediff', 'rundatediffans', 'runanswer', 'runstatus', 'runjudge', 'runjudgesite', 'runjudge1', 'runjudgesite1', 'runanswer1', 'runjudge2', 'runjudgesite2', 'runanswer2', 'autoip', 'autobegindate', 'autoenddate', 'autoanswer', 'autostdout', 'autostderr', 'updatetime');
$param = array('contest' => $_SESSION["usertable"]["contestnumber"], 'site' => $_SESSION["usertable"]["usersitenumber"], 'user' => $_SESSION["usertable"]["usernumber"], 'problem' => $prob, 'lang' => $lang, 'filename' => $name, 'filepath' => $temp);
if (isset($_POST['pastcode']) && $_POST['pastcode'] != '') {
$pastcode = myhtmlspecialchars($_POST["pastcode"]);
if (isset($_POST["pasthash"]) && isset($_POST["pastval"])) {
$pasthash = myhtmlspecialchars($_POST["pasthash"]);
$pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]);
$pastval = myhtmlspecialchars($_POST["pastval"]);
$pastabs = myhtmlspecialchars($_POST["pastabs"]);
if (is_readable($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) {
$pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval);
if ($pastsubmission != $pastvalhash) {
$pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastabs);
if ($pastsubmission != $pasthash) {
echo "\nRESULT: INVALID SUBMISSION CODE";
exit;
}
}
} else {
$pastval = 0;
}
} else {
$pastval = 0;
}
$verify = $pastcode . '-' . $name . '-' . $_SESSION["usertable"]["contestnumber"] . '-' . $_SESSION["usertable"]["usersitenumber"] . '-' . $_SESSION["usertable"]["usernumber"];
$fcname = $_SESSION["locr"] . $ds . "private" . $ds . 'laterun-submitted-' . $_SESSION["usertable"]["contestnumber"] . '-' . $_SESSION["usertable"]["usersitenumber"] . '-' . $_SESSION["usertable"]["usernumber"] . '.txt';
$codes = @file($fcname, FILE_IGNORE_NEW_LINES);
if (in_array($verify, $codes)) {
echo "<script>window.close();</script></html>";
exit;
}
if (!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) || !isset($_GET["filename"]) || !isset($_GET["check"]) || $_GET["check"] == "") {
echo "<html><head><title>View Page</title>";
IntrusionNotify("Bad parameters in filewindow.php");
echo "<script>window.close();</script></html>";
exit;
}
$cf = globalconf();
$fname = decryptData(rawurldecode($_GET["filename"]), session_id() . $cf["key"]);
$msg = '';
if (isset($_GET["msg"])) {
$msg = rawurldecode($_GET["msg"]);
}
$p = myhash($_GET["oid"] . $fname . $msg . session_id() . $cf["key"]);
if ($p != $_GET["check"]) {
echo "<html><head><title>View Page</title>";
IntrusionNotify("Parameters modified in filewindow.php");
echo "<script>window.close();</script></html>";
exit;
}
require_once "db.php";
if ($_GET["oid"] >= 0) {
$c = DBConnect();
DBExec($c, "begin work");
if (($lo = DB_lo_open($c, $_GET["oid"], "r")) === false) {
echo "<html><head><title>View Page</title>";
DBExec($c, "rollback work");
LOGError("Unable to download file (" . basename($fname) . ")");
MSGError("Unable to download file (" . basename($fname) . ")");
$param['userfull'] = trim($tmp[1]);
break;
case "userdesc":
$param['userdesc'] = trim($tmp[1]);
break;
case "usertype":
$param['type'] = trim($tmp[1]);
break;
case "userenabled":
$param['enabled'] = trim($tmp[1]);
break;
case "usermultilogin":
$param['multilogin'] = trim($tmp[1]);
break;
case "userpassword":
$param['pass'] = myhash(trim($tmp[1]));
break;
case "userchangepassword":
$param['changepass'] = trim($tmp[1]);
break;
case "userip":
$param['permitip'] = trim($tmp[1]);
break;
}
$i++;
if ($i >= count($ar)) {
break;
}
$x = trim($ar[$i]);
}
$param['contest'] = $_SESSION["usertable"]["contestnumber"];
function getMainXML($username, $sess, $pass, $pass2)
{
$c = DBConnect();
if ($c == null) {
return array(false, "");
}
$contest = $_SESSION["usertable"]["contestnumber"];
$r = DBExec($c, "select * from contesttable where contestnumber={$contest}");
if (DBnLines($r) == 0) {
echo "Unable to find the contest {$contest} in the database.\n";
exit;
}
$ct = DBRow($r, 0);
$localsite = $ct["contestlocalsite"];
$mainsite = $ct["contestmainsite"];
$siteurl = $ct['contestmainsiteurl'] . '/site/get.php';
// if ($mainsite==$localsite) return array(true,"");
/*
$r = DBExec($c, "select * from sitetable where sitenumber=".$mainsite." and contestnumber=$contest");
if (DBnLines($r)==0) {
echo "Unable to find the main site in the database (site=$mainsite, contest=$contest).\n";
exit;
}
$st = DBRow($r,0);
$siteurl = $st["siteip"] . '/site/get.php';
*/
if (substr($siteurl, 0, 7) != 'http://') {
$siteurl = 'http://' . $siteurl;
}
if ($sess == '') {
// MSGError('session empty');
$s = file_get_contents($siteurl);
if ($s === false) {
return array(false, '', '');
}
// MSGError($s);
$t = strtok($s, " \t");
while ($t !== false && substr($t, 0, 8) != '<SESSION' && substr($t, 0, 6) != '<ERROR' && $t != '<OK>' && $t != '<NOTOK>') {
echo $t . " ";
$t = strtok(" \t");
}
if ($t === false) {
return array(false, '', '');
}
echo $t . " -->\n";
if (substr($t, 0, 8) == '<SESSION') {
$id = strtok(" \t");
return array(false, $id, $id);
} else {
return array(false, '', '');
}
}
if ($pass == $pass2) {
// MSGError('equal');
$opts = array('http' => array('method' => 'GET', 'header' => 'Cookie: PHPSESSID=' . $sess));
$context = stream_context_create($opts);
$s = file_get_contents($siteurl . '?name=' . $username . '&password='******'&check=nocheck', 0, $context);
} else {
$data = encryptData(generateXML($contest), myhash($pass2));
$data_url = http_build_query(array('xml' => $data, 'name' => $username, 'password' => $pass, 'check' => myhash($pass . $pass2)));
$opts = array('http' => array('method' => 'POST', 'header' => 'Cookie: PHPSESSID=' . $sess . "\r\nContent-Type: application/x-www-form-urlencoded", 'content' => $data_url));
$context = stream_context_create($opts);
$s = file_get_contents($siteurl, 0, $context);
}
if ($s === false) {
return array(false, "", '');
}
// MSGError('OPA1: ' . $s);
$t = strtok($s, " \t");
while ($t !== false && substr($t, 0, 8) != '<SESSION' && substr($t, 0, 6) != '<ERROR' && $t != '<OK>' && $t != '<NOTOK>') {
echo $t . " ";
$t = strtok(" \t");
}
if ($t === false) {
return array(false, '', '');
}
echo $t . " -->\n";
if (substr($t, 0, 6) == "<ERROR") {
$id = strtok(" \t");
if ($id === false) {
return array(false, '', '');
}
return array(false, $id, "");
}
if (substr($t, 0, 8) == "<SESSION") {
$id = strtok(" \t");
if ($id === false) {
return array(false, '', '');
}
$idextra = strtok(" \t");
if ($idextra === false) {
return array(false, '', '');
}
// MSGError("id=$id idextra=$idextra");
return array(false, $id, $idextra);
}
$id = strtok(" \t");
if ($id === false) {
return array(false, '', '');
}
//MSGError('OPA2: ' . $s);
if ($pass2 != '') {
$s = decryptData($id, myhash($pass2));
}
if (strtoupper(substr($s, 0, 5)) != "<XML>") {
return array(false, '', $t);
}
return array(true, $s, $t);
}
<?php
include "./db_conn.php";
$input = file_get_contents("php://input");
$input = json_decode($input, true);
if (strlen($input[2]) < 6) {
die("minleng err");
}
if (strlen($input[3]) < 6) {
die("minleng err");
}
sleep(1);
$input[2] = myhash($input[2]);
$input[3] = myhash($input[3]);
if (update_userpass($input)) {
die("success");
} else {
die("authenticate failed..");
}
function myhash($v)
{
global $salt;
return md5($salt . $v);
}
function get_userdata($userid)
{
$userid = mysql_real_escape_string($userid);
$result = mysql_query("select * from users where userid = '{$userid}'");
$row = mysql_fetch_row($result);
return $row;
}
