$questionid[84] = "您的初恋情人叫什么名字?";
$questionid[85] = "您驾照的末四位是什么?";
$questionid[86] = "您母亲的姓名叫什么?";
$questionid[87] = "您母亲的生日是哪一天?";
$questionid[88] = "您父亲的生日是哪一天?";
$logincheck = 0;
include 'includes/config.php';
require_once 'classes/class.phpmailer.php';
if (isset($_SESSION['loginuser']) && !empty($_SESSION['loginuser'])) {
$logincheck = 1;
}
$date = date('Y-m-d H:i:s');
if ($logincheck == 1) {
if (!isset($_SESSION['lastmail']) || isset($_SESSION['lastmail']) && !empty($_SESSION['lastmail']) && strtotime($date) - strtotime($_SESSION['lastmail']) >= 60) {
$user = mysqli_real_escape_string($dbconnect, htmlspecialchars($_SESSION['loginuser']));
$rowtemp = queryRow("SELECT * FROM `users` WHERE `user_name`='{$user}'");
if ($rowtemp) {
if ($rowtemp['user_email_checked'] == 0) {
$user = $rowtemp['user_name'];
$user_id = $rowtemp['user_id'];
$passwd = "************";
$question1 = $rowtemp['user_question'];
$emailadd = $rowtemp['user_email'];
$user_email_checkid = $rowtemp['user_email_checkid'];
$mailtxtcheckurl = SITEHOST . "mailcheck.php?userid={$user_id}&checkcode={$user_email_checkid}";
$mailtxt = "本邮件为系统自动发送,您的战网在线安全令账号已经创建,本邮件是您申请重新发送邮箱验证邮件时正常发出的<br><br>" . "您的用户名为:{$user}<br><br>" . "您的用户ID为:{$user_id}<br><br>" . "您的密码为:" . $passwd . " (已隐藏)<br><br>" . "您的安全问题为:" . $questionid[$question1] . "<br><br>" . "您的安全问题答案:(已隐藏)<br><br>" . "您的邮箱地址为:{$emailadd}<br><br>" . "您的账号已经创建,为了今后能顺利管理账号,请点击以下链接确认您的邮箱地址<br><br>" . "<a href='{$mailtxtcheckurl}' target='_blank'>{$mailtxtcheckurl}</a><br><br>" . "如果这不是您操作的,请忽略次邮件,绝对不要点击以上链接。<br><br>" . "本邮件为自动发送,请不要回复,因为没人会看的。<br><br>" . "竹井詩織里<br><br>" . date('Y-m-d');
echo send_mail("战网安全令在线版邮箱验证邮件", $mailtxt, $emailadd, 0, 4);
$_SESSION['lastmail'] = $date;
} else {
echo "2";
//已经确认了
}
if (check_data('authid', 'get') && ctype_digit($_GET['authid'])) {
$authid = $_GET['authid'];
}
if (!is_null($user_id) && !is_null($authid)) {
$sql = "SELECT * FROM `authdata` WHERE `user_id`='{$user_id}' AND `auth_id`='{$authid}'";
$row = queryRow($sql);
}
if ($row) {
$time = date('Y-m-d H:i:s');
$region = $row['region'];
if ($region != "CN" && $region != "EU") {
$region = "US";
}
$sql = "SELECT * FROM `synctime` WHERE `region`='{$region}'";
$rowSYNC = queryRow($sql);
if (strtotime($time) - strtotime($rowSYNC['last_sync']) > 86400) {
$auth = Authenticator::factory($row['serial'], $row['secret']);
$sql = "UPDATE `synctime` SET `sync`=\"" . $auth->getsync() . "\" ,`last_sync`=\"{$time}\" WHERE `region`='{$region}'";
update($sql);
} else {
$auth = Authenticator::factory($row['serial'], $row['secret'], $rowSYNC['sync']);
}
//显示数据
header('Content-type: text/json');
$wait = $auth->sleeptime() / 1000;
$arr = array('code' => $auth->code(), 'time' => $wait);
echo json_encode($arr);
} else {
header('Content-type: text/json');
$wait = 0;
}
$_SESSION['letters_code'] = rand();
} else {
if (isset($_SESSION['loginuser']) && !empty($_SESSION['loginuser'])) {
$logincheck = 1;
} elseif (isset($_COOKIE['loginname']) && isset($_COOKIE['loginid']) && $_COOKIE['loginname'] != "" && $_COOKIE['loginid'] != "") {
$user = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginname']));
$cookievalue = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginid'], ENT_QUOTES));
$sql = "SELECT * FROM `cookiedata` WHERE `user_name`='{$user}' AND `user_cookie` ='{$cookievalue}'";
$result = queryRow($sql);
if ($result) {
$rowtemp = $result;
$timedifference = time() - strtotime($rowtemp['login_time']);
if ($timedifference <= 30 * 24 * 60 * 60) {
$sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
$rowtemp = queryRow($sql);
$user_thistimelogin_ip = $rowtemp['user_thistimelogin_ip'];
$user_thislogin_time = $rowtemp['user_thislogin_time'];
$user_right = $rowtemp['user_right'];
if ($user_right == 1) {
if ($timedifference > 1800) {
$sql = "DELETE FROM `cookiedata` WHERE `user_name`='{$user}' AND `user_cookie` ='{$cookievalue}'";
delete($sql);
setcookie("loginname", "", time() - 3600, "/");
setcookie("loginid", "", time() - 3600, "/");
$logincheck = 0;
} else {
$logincheck = 1;
$userip = getIP();
$sql = "UPDATE `cookiedata` SET `user_login_ip`='{$userip}' WHERE `user_name`='{$user}' AND `user_cookie` ='{$cookievalue}'";
update($sql);
if (check_data('authid', 'get') && ctype_digit($_GET['authid'])) {
$authid = $_GET['authid'];
}
if (!is_null($user_id) && !is_null($authid)) {
$sql = "SELECT * FROM `authdata` WHERE `user_id`='{$user_id}' AND `auth_id`='{$authid}'";
$row = queryRow($sql);
}
header('Content-type: text/json');
if ($logincheck == 1 && $user_right != 1) {
if ($row) {
$sendbackauthid = $row['auth_id'];
if ($row['auth_moren'] == 1) {
$sql = "DELETE FROM `authdata` WHERE `user_id`={$user_id} AND `auth_id`={$authid}";
delete($sql);
$sql = "SELECT * FROM `authdata` WHERE `user_id`='{$user_id}' AND `auth_moren`=0";
$rowa = queryRow($sql);
if ($rowa) {
$newauthmorenid = $rowa['auth_id'];
$sql = "UPDATE `authdata` SET `auth_moren`= 1 WHERE `user_id`='{$user_id}' AND `auth_id` = '{$newauthmorenid}' AND `auth_moren`=0";
update($sql);
$arr = array('oldmorendeleted' => 1, 'newmorenid' => $newauthmorenid, 'deleteauid' => $sendbackauthid, 'result' => 1);
echo json_encode($arr);
} else {
$arr = array('oldmorendeleted' => 1, 'newmorenid' => -1, 'deleteauid' => $sendbackauthid, 'result' => 1);
echo json_encode($arr);
}
} else {
$sql = "DELETE FROM `authdata` WHERE `user_id`={$user_id} AND `auth_id`={$authid}";
delete($sql);
$arr = array('oldmorendeleted' => 0, 'newmorenid' => -1, 'deleteauid' => $sendbackauthid, 'result' => 1);
echo json_encode($arr);
<?php
//fix
require_once 'classes/Authenticator.php';
include 'includes/config.php';
$topnavvalue = "添加安全令";
include 'includes/html_toubu/html_toubu.php';
include 'includes/page_inc/header_normal.php';
if ($logincheck == 0) {
$navurladd = SITEHOST . "welcome.php";
$topnavvalue = "WELCOME";
include 'includes/page_inc/welcome_inc.php';
} else {
$query = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
$rowtemp = queryRow($query);
$user_id = $rowtemp['user_id'];
$user_right = $rowtemp['user_right'];
$sql = "SELECT * FROM `authdata` WHERE `user_id`='{$user_id}'";
if (queryNum_rows($sql) < MOST_AUTH) {
try {
include 'includes/auth_add/authadd_bykey.php';
//生成AUTH用
} catch (Exception $exc) {
$authaddbykeyerrorid = 5;
}
} else {
$authaddbykeyerrorid = 6;
}
switch ($authaddbykeyerrorid) {
case 0:
$jumptxt = "还原成功,即将跳转到该安全令页面。";
defined("ZHANGXUAN") or die("no hacker.");
$resetpsdpostdataerror = -1;
//1:隐藏数据用户ID和令牌错误,2邮箱错误,3两个密码不同,4用户不存在,5令牌失效
if ($resetmod == 2) {
if (ctype_digit($_POST["user_id"]) && checkcode($_POST['user_token'])) {
$emailadd = db_iconv('oldPassword');
if (valid_email($emailadd)) {
$userid = $_POST["user_id"];
$usertoken = $_POST['user_token'];
$passwordA = db_iconv('newPassword');
$passwordB = db_iconv('newPasswordVerify');
if ($passwordA == $passwordB) {
$unmd5newpassword = getunencryptpass($passwordA);
$newpassword = md5($unmd5newpassword);
$sql = "SELECT * FROM `users` WHERE `user_id`='{$userid}'";
$row = queryRow($sql);
if ($row) {
$username = $row['user_name'];
if ($usertoken == $row['user_psd_reset_token'] && $row['user_psd_reset_token_used'] == 0) {
$newtoken = randstr();
$sql = "UPDATE `users` SET `user_pass`='{$newpassword}',`user_psd_reset_token`='{$newtoken}',`user_psd_reset_token_used`=1 WHERE `user_id`='{$userid}'";
update($sql);
if (isset($_COOKIE['loginname']) && isset($_COOKIE['loginid']) && $_COOKIE['loginname'] != "" && $_COOKIE['loginid'] != "") {
$usertmp = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginname']));
$cookievalue = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginid'], ENT_QUOTES));
$sql = "DELETE FROM `cookiedata` WHERE `user_name`='{$usertmp}' AND `user_cookie` ='{$cookievalue}'";
delete($sql);
}
if (isset($_SESSION['loginuser']) && $_SESSION['loginuser'] != "") {
unset($_SESSION['loginuser']);
}
for ($i = 0; $i <= $size; $i++) {
$sum += $board[$row][$i];
}
return $sum;
}
function queryCol($board, $col, $size)
{
$sum = 0;
for ($i = 0; $i <= $size; $i++) {
$sum += $board[$i][$col];
}
return $sum;
}
$fh = fopen($argv[1], "r");
while (!feof($fh)) {
$test = fgets($fh);
$command = explode(" ", $test);
if ($command[0] == "SetCol") {
$board = setCol($board, $command[1], trim($command[2]), $size);
}
if ($command[0] == "SetRow") {
$board = setRow($board, $command[1], trim($command[2]), $size);
}
if ($command[0] == "QueryRow") {
echo queryRow($board, trim($command[1]), $size) . "\n";
}
if ($command[0] == "QueryCol") {
echo queryCol($board, trim($command[1]), $size) . "\n";
}
}
fclose($fh);
defined("ZHANGXUAN") or die("no hacker.");
@session_start();
$pwdfinderrorid = -1;
//1验证码错误,2用户不存在4输入错误,3信息与数据库中的不一样,5用户名存在非法字符,用户名仅允许使用中文、数字、字母、下划线,6发送邮件失败
if (check_data('letters_code') && md5(strtolower($_POST["letters_code"])) == $_SESSION['letters_code']) {
//验证码正确才能继续搞啊
if (check_data('firstName') && check_data('email') && check_data('question1') && check_data('answer1')) {
//要有数据啊
if (checkzhongwenzimushuzixiahuaxian($_POST["firstName"]) && checkquestionvalue($_POST['question1']) && valid_email($_POST["email"])) {
$user = db_iconv("firstName", 'post', true, true);
$emailadd = db_iconv("email");
$question1 = db_iconv("question1");
$answer1 = db_iconv("answer1");
$emailfind = randstr();
$sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
$rowuserdata = queryRow($sql);
if ($rowuserdata) {
if ($rowuserdata['user_email'] == $emailadd && $rowuserdata['user_question'] == $question1 && $rowuserdata['user_answer'] == $answer1) {
$userid = $rowuserdata['user_id'];
$sql = "UPDATE `users` SET `user_email_find_code`='{$emailfind}',`user_email_find_mode`='1' WHERE `user_id`='{$userid}'";
update($sql);
$findurl = SITEHOST . "findpwdmail.php?userid={$userid}&pwdcheckid={$emailfind}";
$mailtxt = "本邮件为系统自动发送,您正在申请重置您账号的密码<br><br>" . "您的用户名为:{$user}<br><br>" . "您的用户ID为:{$userid}<br><br>" . "您的邮箱地址为:{$emailadd}<br><br>" . "您还需要最后一步,点击以下链接,前往密码重置页面重置您的密码。<br><br>" . "<a href='{$findurl}' target='_blank'>{$findurl}</a><br><br>" . "如果这不是您操作的,请忽略本邮件,绝对不要点击以上链接。<br><br>" . "本邮件为自动发送,请不要回复,因为没人会看的。<br><br>" . "竹井詩織里<br><br>" . date('Y-m-d');
$pwdfinderrorid = send_mail('战网安全令在线版重置密码链接邮件', $mailtxt, $emailadd, 0, 6);
} else {
$pwdfinderrorid = 3;
}
} else {
$pwdfinderrorid = 2;
}
} else {
function check_post_password($encryptpassword, $username)
{
$decodedpassword = getunencryptpass($encryptpassword);
$unixtime = substr($decodedpassword, strlen($decodedpassword) - 10);
if (check_vaild_post_unixtime($unixtime, $username) == false) {
return false;
}
$sql = "SELECT * FROM `users` where `user_name`='{$username}'";
$row = queryRow($sql);
$md5password = $row['user_pass'];
$data1 = $md5password . RSA_SALT . $unixtime;
$data2 = md5($data1) . $unixtime;
if ($data2 === $decodedpassword) {
return true;
}
return false;
}
}
} else {
echo "<a href='login.php' onclick='return Login.open()'>登入</a> 或 <a href='" . SITEHOST . "register.php'>注册一个账号</a></li><li class='top-core top-data'><a href='" . SITEHOST . "faq.php'>FAQ</a></li><li class='top-core top-data'><a href='" . SITEHOST . "account.php'>账号管理</a></li><li class='top-core top-final'><a href='" . SITEHOST . "donate.php'>捐赠</a>";
}
}
if (check_data('authid', 'get')) {
if ($logincheck == 1) {
if (ctype_digit($_GET['authid'])) {
//不是整数不通过,防止SQL注入
$auth_id = $_GET['authid'];
$sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
$rowtemp = queryRow($sql);
$user_id = $rowtemp['user_id'];
$user_right = $rowtemp['user_right'];
$sql = "SELECT * FROM `authdata` WHERE `user_id`='{$user_id}' AND `auth_id`='{$auth_id}'";
$rowauth = queryRow($sql);
if ($rowauth) {
//是你的
$autherrid = 0;
//没错
} else {
$autherrid = 1;
//1不是你所有的安全令
}
} else {
$autherrid = 2;
//2错误的GET数据
}
} else {
$autherrid = 3;
//3他妈没登入就想玩啊
function tableshowtext($logincheck, $user)
{
if ($logincheck == 1) {
$returntxt = "";
$imgurl[0] = "resources/img/bga.png";
$imgurl[1] = "resources/img/wow-32.png";
$imgurl[2] = "resources/img/s2-32.png";
$imgurl[3] = "resources/img/d3-32.png";
$imgurl[4] = "resources/img/pegasus-32.png";
$imgurl[5] = "resources/img/heroes-32.png";
$sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
$rowtemp = queryRow($sql);
$user_id = $rowtemp['user_id'];
$user_right = $rowtemp['user_right'];
$sql = "SELECT * FROM `authdata` WHERE `user_id`='{$user_id}' LIMIT 20";
$result = queryArray($sql);
foreach ($result as $rowauth) {
if ($rowauth['auth_img'] < 1 || $rowauth['auth_img'] > 5 || $rowauth['auth_img'] != intval($rowauth['auth_img'])) {
$rowauth['auth_img'] = 0;
}
if ($rowauth['auth_moren'] == 1) {
$namebeizhu = "<img class='morenauthleftpic' src='" . SITEHOST . "resources/img/moren.png'>";
$txtbuttonmoren = '<button id="morenauthbutton' . $rowauth['auth_id'] . '" class="ui-button button1" disabled="disabled" onclick="authmoren(' . $rowauth['auth_id'] . ')"><span class="button-left"><span id="morenanquanlin' . $rowauth['auth_id'] . '" class="button-right">已为默认</span></span></button>';
} else {
$namebeizhu = "";
$txtbuttonmoren = '<button id="morenauthbutton' . $rowauth['auth_id'] . '" class="ui-button button1" onclick="authmoren(' . $rowauth['auth_id'] . ')"><span class="button-left"><span id="morenanquanlin' . $rowauth['auth_id'] . '" class="button-right">设置默认</span></span></button>';
}
$linkuel = 'onclick="location.href = \'' . SITEHOST . 'normalauth.php?authid=' . $rowauth['auth_id'] . '\'"';
$txtdisabalebut = "";
$onclickdata = 'authsync(' . $rowauth['auth_id'] . ')';
$returntxt = $returntxt . '<tr class="parent-row" id="henxiangtr' . $rowauth['auth_id'] . '">
<td ' . $linkuel . ' class="normaltd authbianhao" valign="top"><img class="tdimgauth" src="' . $imgurl[$rowauth['auth_img']] . '" alt=""> <a class="authida" href="normalauth.php?authid=' . $rowauth['auth_id'] . '">' . $rowauth['auth_id'] . '</a></td>
<td class="normaltd authmincheng" valign="top"><span id="morenpicspan' . $rowauth['auth_id'] . '">' . $namebeizhu . '</span><span ondblclick="ShowElement(this,' . $rowauth['auth_id'] . ')" id="authnamecode' . $rowauth['auth_id'] . '">' . $rowauth['auth_name'] . '</span></td>
<td ' . $linkuel . ' class="normaltd authxuliehao" valign="top"><span>';
if ($user_right == 0) {
$returntxt .= $rowauth['serial'];
} else {
$returntxt .= "共享账号无权查看";
}
$returntxt .= '</span></td>
<td ' . $linkuel . ' class="normaltd authhuanyuanma" valign="top"><span>';
if ($user_right == 0) {
$returntxt .= $rowauth['restore_code'];
} else {
$returntxt .= "无权查看";
}
$returntxt .= '</span></td>
<td ' . $linkuel . ' class="normaltd authshangcitongbushijian" valign="top"><span id="authshangcitongbushijian' . $rowauth['auth_id'] . '">' . chinesetime($rowauth['region']) . '</span></td>
<td valign="top" class="align-center">
<button id="authsyncbutton' . $rowauth['auth_id'] . '" class="ui-button button1" onclick="' . $onclickdata . '" ' . $txtdisabalebut . '><span class="button-left"><span id="jiaochenshijian' . $rowauth['auth_id'] . '" class="button-right">校正时间</span></span></button>
</td>
<td valign="top" class="align-center">
' . $txtbuttonmoren . '</td>
<td valign="top" class="align-center">
<button id="authdelbutton' . $rowauth['auth_id'] . '" class="ui-button button1" onclick="if(confirm(\'提交后将删除这枚安全令,除重新添加外无其他恢复方法,确定吗?\')) authdelete(' . $rowauth['auth_id'] . ') ;else return false;"><span class="button-left"><span id="shanchuauth' . $rowauth['auth_id'] . '" class="button-right">确认删除</span></span></button>
</td>
</tr>';
}
return $returntxt;
} else {
return "";
}
}
<?php
//fix
defined("ZHANGXUAN") or die("no hacker.");
session_start();
$findpsdbymailerrorid = -1;
//1密钥过期,2密钥错误,3信息不完整
if (check_data('userid', 'get') && check_data('pwdcheckid', 'get')) {
if (ctype_digit($_GET["userid"]) && checkcode($_GET["pwdcheckid"])) {
$userid = db_iconv('userid', 'get', true, true);
$checkcode = db_iconv("pwdcheckid", 'get', true, true);
$sql = "SELECT * FROM `users` WHERE `user_id`='{$userid}'";
$rowmailpsd = queryRow($sql);
if ($rowmailpsd['user_email_find_mode'] == 1) {
if ($rowmailpsd['user_email_find_code'] == $checkcode) {
$newtoken = randstr();
$newtokenA = randstr();
$sql = "UPDATE `users` SET `user_psd_reset_token`='{$newtoken}',`user_email_find_code`='{$newtokenA}',`user_email_find_mode`=0,`user_psd_reset_token_used`= '0' WHERE `user_id`='{$userid}'";
update($sql);
$findpsdbymailerrorid = 0;
} else {
$findpsdbymailerrorid = 2;
}
} else {
$findpsdbymailerrorid = 1;
}
}
} else {
$findpsdbymailerrorid = 3;
}