function security()
{
$_SESSION['verify'] = strtolower(randStr(4));
loadLib('Image');
Image::verify($_SESSION['verify'], 50, 33);
//Image::security($_SESSION['verify'], 80, 35, 20, CORE_PATH.'font/t1.ttf');
}
/**
* Generate and return a token, save it to session.
*
* @param string $key Name of the key.
*
* @return string
*/
public function generate($key = '')
{
$token = base64_encode(time() . sha1(md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'])) . randStr(255));
if (empty($_SESSION['CSRF_' . $key])) {
$_SESSION['CSRF_' . $key] = $token;
return $token;
} else {
return $_SESSION['CSRF_' . $key];
}
}
/**
**
**生成验证码
**/
function yanzhengmaAction()
{
//session_register('SafeCode');
$type = 'png';
$width = 50;
$height = 20;
//header("Content-type: image/".$type);
@ob_end_clean();
srand((double) microtime() * 1000000);
$randval = randStr(4, "");
if ($type != 'png' && function_exists('imagecreatetruecolor')) {
$im = @imagecreatetruecolor($width, $height);
} else {
$im = @imagecreate($width, $height);
}
$r = array(225, 211, 255, 223);
$g = array(225, 236, 237, 215);
$b = array(225, 236, 166, 125);
$key = rand(0, 3);
$backColor = ImageColorAllocate($im, $r[$key], $g[$key], $b[$key]);
//背景色(随机)
$borderColor = ImageColorAllocate($im, 0, 0, 0);
//边框色
$pointColor = ImageColorAllocate($im, 255, 170, 255);
//点颜色
@imagefilledrectangle($im, 0, 0, $width - 1, $height - 1, $backColor);
//背景位置
@imagerectangle($im, 0, 0, $width - 1, $height - 1, $borderColor);
//边框位置
$stringColor = ImageColorAllocate($im, 255, 51, 153);
for ($i = 0; $i <= 100; $i++) {
$pointX = rand(2, $width - 2);
$pointY = rand(2, $height - 2);
@imagesetpixel($im, $pointX, $pointY, $pointColor);
}
@imagestring($im, 5, 5, 3, $randval, $stringColor);
$ImageFun = 'Image' . $type;
$ImageFun($im);
@ImageDestroy($im);
$_SESSION['SafeCode'] = $randval;
//产生随机字符串
@flush();
@ob_flush();
exit;
}
/**
* 散列存储
* @param $savePath - 本地保存的路径
* @param $fileName - 原始文件名
* @param $isHashSaving - 是否散列存储。
* @param $randomFileName - 是否生成随机的Hash文件名。
* @return array
**/
function hashFileSavePath($savePath, $fileName = '', $isHashSaving = true, $randomFileName = true)
{
$hashFileName = $randomFileName ? md5(randStr(20) . $fileName . getMicrotime() . uniqid()) : md5($fileName);
$fileSaveDir = $savePath;
$hashFilePath = '';
//是否散列存储。
if ($isHashSaving) {
$hashFilePath = substr($hashFileName, 0, 1) . DIRECTORY_SEPARATOR . substr($hashFileName, 1, 2);
$fileSaveDir = $savePath . DIRECTORY_SEPARATOR . $hashFilePath;
}
$fileInfo = array("file_path" => $hashFilePath, "file_name" => $hashFileName, "error" => 0);
if (!is_dir($fileSaveDir)) {
$result = mkdir($fileSaveDir, 0777, true);
if (!$result) {
$fileInfo["error"] = 1;
}
}
return $fileInfo;
}
function writeinto($info)
{
$infoarr = json_decode($info, true);
$flag = new M('flag');
$count = $flag->find("openid='" . $infoarr['openid'] . "'", '*', 'count');
$sqlarr = array("nickname" => bin2hex($infoarr['nickname']), "avatar" => $infoarr['headimgurl'], "fakeid" => randStr(), "sex" => $infoarr['sex'], "fromtype" => 'weixin', "datetime" => time(), "flag" => "2");
if (isset($infoarr['shadyphone'])) {
$shady = new M('cj_shady');
$shadyarr = $shady->find("phone=" . $infoarr['shadyphone']);
if (empty($shadyarr)) {
$addarr = array('phone' => $infoarr['shadyphone'], 'shady' => $shadyarr['grade']);
$sqlarr = array_merge($sqlarr, $addarr);
}
}
if ($count) {
$savve = $flag->update("openid='" . $infoarr['openid'] . "'", $sqlarr);
}
if ($savve) {
echo "ok";
}
}
public function picUpload()
{
$result = array();
if (count($_POST)) {
$result['post'] = $_POST;
}
if (count($_FILES)) {
$result['files'] = $_FILES;
}
// Validation
$error = false;
if (!isset($_FILES['Filedata']) || !is_uploaded_file($_FILES['Filedata']['tmp_name'])) {
$error = 'Invalid Upload';
exit;
}
// Processing start
$photo = $_FILES['Filedata'];
$time = SYS_TIME;
$year = date('Y', $time);
$month = date('m', $time);
$day = date('d', $time);
$pathInfo = upFileFolders($time);
$dstFolder = $pathInfo['path'];
$rand = randStr(4);
$dstFile = $dstFolder . $time . $rand . $photo['name'];
//the size of file uploaded must under 1M
if ($photo['size'] > 3000000) {
$error = '图片太大不能超过3M';
exit;
}
//save the temporary file
@move_uploaded_file($photo['tmp_name'], $dstFile);
//
//自动缩放
$imgInfo = @getimagesize($dstFile);
$maxPicWidth = intval(loadConfig('cmsContent', 'maxPicWidth'));
$maxPicWidth = $maxPicWidth < 1 ? 500 : $maxPicWidth;
if ($imgInfo[0] > $maxPicWidth) {
$newWidth = $maxPicWidth;
$newHeight = $imgInfo[1] * $newWidth / $imgInfo[0];
} else {
$newWidth = $imgInfo[0];
$newHeight = $imgInfo[1];
}
bpBase::loadSysClass('image');
bpBase::loadSysClass('watermark');
image::zfResize($dstFile, $dstFolder . $time . $rand . '.jpg', $newWidth, $newHeight, 1, 2, 0, 0, 1);
//delete the temporary file
@unlink($dstFile);
$location = CMS_DIR_PATH . $pathInfo['url'] . $time . $rand . '.jpg';
//
bpBase::loadSysClass('image');
bpBase::loadSysClass('watermark');
$wm = new watermark();
$wm->wm($dstFolder . $time . $rand . '.jpg');
//
$filePath = $location;
//processing end
if ($error) {
$return = array('status' => '0', 'error' => $error);
} else {
$return = array('status' => '1', 'name' => ABS_PATH . $filePath);
// Our processing, we get a hash value from the file
$return['hash'] = '';
// ... and if available, we get image data
if ($imgInfo) {
$return['width'] = $newWidth;
$return['height'] = $newHeight;
$return['mime'] = $imgInfo['mime'];
$return['url'] = $filePath;
$return['randnum'] = rand(0, 999999);
}
}
// Output
if (isset($_REQUEST['response']) && $_REQUEST['response'] == 'xml') {
// header('Content-type: text/xml');
// Really dirty, use DOM and CDATA section!
echo '<response>';
foreach ($return as $key => $value) {
echo "<{$key}><![CDATA[{$value}]]></{$key}>";
}
echo '</response>';
} else {
// header('Content-type: application/json');
echo json_encode($return);
}
}
public function _upgrade_resaler()
{
$db = M('wechat_user');
$id = I('get.id');
$info = $db->find($id);
$this->assign('info', $info);
if ($arr = $this->_post()) {
$record = $db->where(array('username' => $arr['username']))->find();
if (!empty($record)) {
$this->error('账户名已经存在,请重新分配账户名');
} else {
$arr['password'] = md5($arr['password']);
$arr['role_id'] = 3;
//分销商
//生成邀请码
$invite_code = randStr();
$is_exist = $db->where(array('invite_code' => $invite_code))->find();
while (!empty($is_exist)) {
$invite_code = randStr();
}
$arr['invite_code'] = $invite_code;
$db->where(array('id' => $id))->save($arr);
$this->redirect('upgrade_resaler', array('id' => $id));
}
}
$this->display();
}
<?php
if (!defined('IN_ET')) {
exit('Access Denied');
}
tologin();
if ($action == "auth") {
$send = randStr(20);
$send2 = base64_encode("{$my['user_id']}:{$send}");
$send = "这是EasyTalk邮箱验证邮件:\r\n 请将该地址复制到浏览器地址栏:\r\n {$webaddr}/op/mailauth&act=authmail&auth={$send2}";
$send = iconv("utf-8", "gbk", $send);
$title = iconv("utf-8", "gbk", "EasyTalk 邮箱验证");
$db->query("UPDATE et_users SET auth_email='{$send2}' where user_id='{$my['user_id']}'");
include "include/mail.class.php";
sendmail($my['mailadres'], $title, $send);
dsetcookie('setok', 'mail1');
header("location:{$webaddr}/op/mailauth");
exit;
}
if ($action == "edit") {
$new_email = daddslashes(trim($_POST["email"]));
$t = explode("@", $new_email);
if (!$t[1]) {
dsetcookie('setok', 'mail2');
header("location:{$webaddr}/op/mailauth");
exit;
} else {
if ($new_email && $new_email != $my[mailadres]) {
$query = $db->query("SELECT mailadres FROM et_users WHERE mailadres='{$new_email}'");
$row = $db->fetch_array($query);
if ($row) {
function setAutologin($id)
{
$hash = md5(randStr() . $id);
return $hash;
}
$res = array('flag' => 0);
if (strpos($_SERVER['HTTP_USER_AGENT'], "MicroMessenger")) {
require_once '../inc/common_hhr.php';
$is_reged = cloud_get_field('mobile', 'customers', " mobile = {$_POST['mobile']}");
if (empty($is_reged)) {
$openid = $_POST['openid'];
$realname = $_POST['realname'];
$sex = $_POST['sex'] == 0 ? 2 : $_POST['sex'];
//$province_txt= $_POST['province_txt'];
//$city_txt = $_POST['city_txt'];
$mobile = $_POST['mobile'];
$back_url = $_POST['back_url'];
$createtime = time();
$partner_id = cloud_get_field('partner_id', 'customers_from', "openid = '{$openid}'");
$number = 'M' . date('YmdHis') . randStr(6);
//echo
$field = "`number`,`partner_id`,`realname`,`sex`,`createtime`,`mobile`";
$value = "'{$number}','{$partner_id}','{$realname}','{$sex}','{$createtime}','{$mobile}'";
if (cloud_insert('customers', $field, $value)) {
$res = array('flag' => 1);
updateCustomerCount($partner_id);
}
}
//http://cloud.net:8083/plus/hhr_customers.php
}
die(json_encode($res));
function updateCustomerCount($partner_id)
{
$customer_count = cloud_get_field('customer_count', 'partners', "id = '{$partner_id}'");
if (empty($customer_count)) {
if ($res === true) {
echo 'loaded stim data <br>';
} else {
echo 'Err: failed to load stim data: ' . $dbConn->error . '<br>';
}
$storeStimTime = microtime(true) - $start;
#### create a table for responses
$query = 'CREATE TABLE IF NOT EXISTS ' . $respTable . ' (' . 'Username TEXT, ' . 'Response TEXT, ' . 'RT FLOAT, ' . 'Focus FLOAT, ' . 'RTfirst FLOAT, ' . 'RTlast FLOAT, ' . 'Accuracy FLOAT, ' . 'StrictAcc FLOAT, ' . 'LenientAcc FLOAT, ' . 'Timestamp TIMESTAMP' . ')';
$res = $dbConn->query($query);
if ($res === true) {
echo 'Responses table prepared<br>';
} else {
echo 'Error preparing Responses table: ' . $dbConn->error . '<br>';
}
#### generate a random response
$myResponses = array('Response' => 'blah blah' . randStr(), 'RT' => '13.283', 'RTfirst' => '6.231', 'RTlast' => '12.932', 'Focus' => '0.9834', 'NewResp' => 'haha yes! ' . randStr(), 'NewResp2' => 'another!' . randStr());
#### add info to responses
$myResponses['Username'] = '******';
$myResponses['Timestamp'] = time();
$respTime = microtime(true);
#### check for new columns
$respCols = array();
$res = $dbConn->query('SHOW COLUMNS FROM ' . $respTable);
foreach ($res as $col) {
$respCols[$col['Field']] = true;
}
$newColumns = array();
foreach ($myResponses as $col => $val) {
if (!isset($respCols[$col])) {
$newColumns[] = 'ADD ' . $col . ' TEXT';
}
public function autoSaveRemoteImage($str, $baseURI = '')
{
$str = stripslashes($str);
$watermark = bpBase::loadSysCLass('watermark');
$img_array = array();
//$str = stripslashes($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
preg_match_all('#src="(http://(((?!").)+).(jpg|gif|bmp|png))"#i', $str, $img_array);
$img_array_urls = array_unique($img_array[1]);
$dstFolder = ABS_PATH . 'upload' . DIRECTORY_SEPARATOR . 'images';
@chmod($dstFolder, 0777);
if ($baseURI) {
$img_array_urls = $this->_expandlinks($img_array_urls, $baseURI);
if ($img_array_urls) {
exit;
}
}
if ($img_array_urls) {
$i = 0;
$time = SYS_TIME;
foreach ($img_array_urls as $k => $v) {
if (!strpos($v, $_SERVER['HTTP_HOST'])) {
//不保存本站的
$filenames = explode('.', $v);
$filenamesCount = count($filenames);
//
$year = date('Y', $time);
$month = date('m', $time);
$pathInfo = upFileFolders($time);
$dstFolder = $pathInfo['path'];
$rand = randStr(4);
$filePath = $dstFolder . $time . $rand . '.' . $filenames[$filenamesCount - 1];
//
@httpCopy($v, $filePath, 5);
//自动缩放
$imgInfo = @getimagesize($filePath);
$maxPicWidth = intval(loadConfig('cmsContent', 'maxPicWidth'));
$maxPicWidth = $maxPicWidth < 1 ? 500 : $maxPicWidth;
if ($imgInfo[0] > $maxPicWidth) {
$newWidth = $maxPicWidth;
$newHeight = $imgInfo[1] * $newWidth / $imgInfo[0];
bpBase::loadSysClass('image');
image::zfResize($filePath, $filePath, $newWidth, $newHeight, 1, 2, 0, 0, 1);
}
//
if (file_exists($filePath)) {
$watermark->wm($filePath);
$str = str_replace($v, 'http://' . $_SERVER['HTTP_HOST'] . CMS_DIR_PATH . $pathInfo['url'] . $time . $rand . '.' . $filenames[$filenamesCount - 1], $str);
}
}
$i++;
}
}
return $str;
}
$met_skin_table = "{$tablepre}skin_table";
$query = " INSERT INTO {$met_admin_table} set\n admin_id = '{$regname}',\n admin_pass = '******',\n\t\t\t\t\t admin_introduction = '创始人',\n\t\t\t\t\t admin_group = '10000',\n\t\t\t\t admin_type = 'metinfo',\n\t\t\t\t\t admin_email = '{$email}',\n\t\t\t\t\t admin_mobile = '{$tel}',\n\t\t\t\t\t admin_register_date= '{$m_now_date}',\n\t\t\t\t\t admin_shortcut='[{\"name\":\"lang_skinbaseset\",\"url\":\"system/basic.php?anyid=9&lang=cn\",\"bigclass\":\"1\",\"field\":\"s1001\",\"type\":\"2\",\"list_order\":\"10\",\"protect\":\"1\",\"hidden\":\"0\",\"lang\":\"lang_skinbaseset\"},{\"name\":\"lang_indexcolumn\",\"url\":\"column/index.php?anyid=25&lang=cn\",\"bigclass\":\"1\",\"field\":\"s1201\",\"type\":\"2\",\"list_order\":\"0\",\"protect\":\"1\",\"hidden\":\"0\",\"lang\":\"lang_indexcolumn\"},{\"name\":\"lang_unitytxt_75\",\"url\":\"interface/skin_editor.php?anyid=18&lang=cn\",\"bigclass\":\"1\",\"field\":\"s1101\",\"type\":\"2\",\"list_order\":\"0\",\"protect\":\"1\",\"hidden\":\"0\",\"lang\":\"lang_unitytxt_75\"},{\"name\":\"lang_tmptips\",\"url\":\"interface/info.php?anyid=24&lang=cn\",\"bigclass\":\"1\",\"field\":\"\",\"type\":\"2\",\"list_order\":\"0\",\"protect\":\"1\",\"hidden\":\"0\",\"lang\":\"lang_tmptips\"},{\"name\":\"lang_mod2add\",\"url\":\"content/article/content.php?action=add&lang=cn&anyid=29\",\"bigclass\":\"1\",\"field\":\"\",\"type\":\"2\",\"list_order\":\"0\",\"protect\":\"0\",\"hidden\":\"0\",\"lang\":\"lang_mod2add\"},{\"name\":\"lang_mod3add\",\"url\":\"content/product/content.php?action=add&lang=cn&anyid=29\",\"bigclass\":\"1\",\"field\":\"\",\"type\":2,\"list_order\":\"0\",\"protect\":0}]',\n\t\t\t\t\t usertype \t = '3',\n\t\t\t\t\t content_type = '1',\n\t\t\t\t\t admin_ok = '1'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$query = " UPDATE {$met_config} set value='{$webname_cn}' where name='met_webname' and lang='cn'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$query = " UPDATE {$met_config} set value='{$webkeywords_cn}' where name='met_keywords' and lang='cn'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$query = " UPDATE {$met_config} set value='{$webname_en}' where name='met_webname' and lang='en'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$query = " UPDATE {$met_config} set value='{$webkeywords_en}' where name='met_keywords' and lang='en'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$query = " UPDATE {$met_config} set value='{$webname_tc}' where name='met_webname' and lang='tc'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$query = " UPDATE {$met_config} set value='{$webkeywords_tc}' where name='met_keywords' and lang='tc'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$force = randStr(7);
$query = " UPDATE {$met_config} set value='{$force}' where name='met_member_force'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$install_url = str_replace("install/index.php", "", $install_url);
$query = " UPDATE {$met_config} set value='{$install_url}' where name='met_weburl'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$query = " UPDATE {$met_lang} set met_weburl='{$install_url}' where lang!='metinfo'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
$adminurl = $install_url . 'admin/';
$query = " UPDATE {$met_column} set out_url='{$adminurl}' where module='0'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
if ($tcdata == "yes") {
$query = "UPDATE {$met_config} set value='0' where name='met_ch_lang' and lang='metinfo'";
mysql_query($query) or die('写入数据库失败: ' . mysql_error());
}
$SQL = "SELECT * FROM {$met_skin_table}";
function getHash()
{
return $_SESSION['hash_code'] = randStr();
}
if ($tag0 == 1) {
echo 'ok';
} else {
function randStr($len)
{
$chars = 'ABDEFGHJKLMNPQRSTVWXYabdefghijkmnpqrstvwxy23456789';
// characters to build the password from
mt_srand((double) microtime() * 1000000 * getmypid());
// seed the random number generater (must be done)
$password = '';
while (strlen($password) < $len) {
$password .= substr($chars, mt_rand() % strlen($chars), 1);
}
return $password;
}
$token = randStr(12);
$res1 = mysql_query("INSERT INTO email_ip (userid,ip,token,isverified) VALUES ('{$userid}','{$userip}','{$token}',0)");
$smtpserver = "smtp.163.com";
$smtpserverport = 25;
$smtpusermail = "*****@*****.**";
$smtpuser = "******";
$smtppass = "******";
$smtp = new Smtp($smtpserver, $smtpserverport, true, $smtpuser, $smtppass);
$emailtype = "HTML";
$smtpemailto = $email;
$smtpemailfrom = $smtpusermail;
$emailsubject = "异地登陆验证";
$emailbody = "IP地址:" . $userip . "用您的账号进行登录,若是您本人操作,请访问(http://localhost/cucyue/check.php?token=" . $token . ") 进行认证。若非您本人操作,则您的密码很可能已经泄露,请尽快修改密码!";
$rs = $smtp->sendmail($smtpemailto, $smtpemailfrom, $emailsubject, $emailbody, $emailtype);
echo '异地登陆,请登录邮箱核验您的IP地址';
}
/**
* 创建一个可用的Token串。
* @param empty
* @return token
**/
function createToken()
{
$randString = randStr(16);
$hashString = md5(base64_encode(pack('N5', mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
return md5($hashString . $randString . getMicrotime() . uniqid());
}
echo json_encode($response);
} else {
if ($what === "installation-id") {
function randStr($length)
{
$str = "";
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$size = strlen($chars);
for ($i = 0; $i < $length; $i++) {
$str .= $chars[rand(0, $size - 1)];
}
return $str;
}
$lobbyID = randStr(10) . randStr(15) . randStr(20);
// Lobby Global ID
$lobbySID = hash("sha512", randStr(15) . randStr(30));
// Lobby Secure ID
?>
<html>
<head></head>
<body>
<pre><code><?php
echo "lobbyID - {$lobbyID}<br/>";
echo "lobbySID - {$lobbySID}";
?>
</code></pre>
</body>
</html>
<?php
}
}
function ubb($text)
{
global $webaddr;
$weburl = urlop($webaddr, 'e');
$p = array('/\\[img\\](.*?)\\[\\/img\\]/ie', '/\\[img link=(.*?)\\](.*?)\\[\\/img\\]/ie', '/\\[video host=(.*?) pic=(.*?)\\](.*?)\\[\\/video\\]/ie', '/\\[music\\](.*?)\\[\\/music\\]/ie', '/\\[flash\\](.*?)\\[\\/flash\\]/ie', '/\\[desc\\](.*?)\\[\\/desc\\]/i', '/\\[url\\](.*?)\\[\\/url\\]/i', '/\\[url=(.*?)\\](.*?)\\[\\/url\\]/i');
$rand = randStr(6);
$r = array('urlop("<a href=\\"$1\\" target=\\"_blank\\"><img src=\\"$1\\" alt=\\"分享照片\\" height=\\"50px\\" border=\\"0\\" class=\\"h_postimg\\"></a>","d")', 'urlop("<p><a href=\\"$1\\" onclick=\\"return hs.expand(this)\\" target=\\"_blank\\"><img src=\\"$2\\" alt=\\"分享照片\\" class=\\"h_postimg\\"></a></p>","d")', 'urlop("<div class=\\"media\\"><img id=\\"img_' . $rand . '\\" style=\\"background:url($2) no-repeat;width:38px;height:28px;padding:30px 45px 30px 45px;cursor:pointer;\\" src=\\"' . $weburl . '/images/default/shareico.png\\" alt=\\"点击播放\\" onclick=\\"javascript:showFlash(\'$1\',\'$3\',this,\'' . $rand . '\');\\"/></div>","d")', 'urlop("<div class=\\"media\\"><img id=\\"img_' . $rand . '\\" src=\\"' . $weburl . '/images/music.gif\\" alt=\\"点击播放\\" onclick=\\"javascript:showFlash(\'music\',\'$1\',this,\'' . $rand . '\');\\" style=\\"cursor:pointer;\\"/></div>","d")', 'urlop("<div class=\\"media\\"><img id=\\"img_' . $rand . '\\" src=\\"' . $weburl . '/images/flash.gif\\" alt=\\"点击播放\\" onclick=\\"javascript:showFlash(\'flash\',\'$1\',this,\'' . $rand . '\');\\" style=\\"cursor:pointer;\\"/></div>","d")', "<div class=\"quote\"><span id=\"quote\" class=\"q\">\$1</span></div>", "<a class='ubblink' href=\"\$1\" target=\"_blank\">\$1</a>", "<a href=\"\$1\">\$2</a>");
$text = preg_replace($p, $r, $text);
$text = emotionrp($text);
//表情
$text = preg_replace("/(.*?)#([^#].*?)#(.*?)/i", "\$1<a href='{$webaddr}/keywords/\$2'>#\$2#</a>\$3", $text);
//专题
return $text;
}
case 2:
$str[$i] = chr(rand(ord('A'), ord('Z')));
break;
case 3:
$str[$i] = chr(rand(ord('0'), ord('9')));
break;
}
}
return $str;
}
define('NUM_LINE', 5);
header("Content-type: image/png");
@session_start();
$img = imagecreatetruecolor(150, 60);
$black = imagecolorallocate($img, 0, 0, 0);
$white = imagecolorallocate($img, 255, 255, 255);
$red = imagecolorallocate($img, 255, 0, 0);
$green = imagecolorallocate($img, 0, 0, 255);
$blue = imagecolorallocate($img, 0, 255, 0);
$color = array($black, $red, $green, $white, $blue);
imagefill($img, 0, 0, $white);
imagefttext($img, 20, 0, 20, 40, $black, "./FreeSans.ttf", $str = randStr());
for ($i = 0; $i < NUM_LINE; $i++) {
imageline($img, rand(1, 40), rand(1, 60), rand(110, 150), rand(1, 60), $color[rand(0, 4)]);
}
$_SESSION['captcha'] = $str;
imagepng($img);
imagedestroy($img);
?>
<?php
//$_SESSION ['SafeCode'] = 验证码;
session_id() or session_start();
$type = 'gif';
$width = 40;
$height = 16;
header("Content-type: image/" . $type);
srand((double) microtime() * 1000000);
$format = isset($format) ? $format : '';
$randval = randStr(4, $format);
if ($type != 'gif' && function_exists('imagecreatetruecolor')) {
$im = @imagecreatetruecolor($width, $height);
} else {
$im = @imagecreate($width, $height);
}
$r = array(225, 211, 255, 223);
$g = array(225, 236, 237, 215);
$b = array(225, 236, 166, 125);
$key = rand(0, 3);
$backColor = ImageColorAllocate($im, 255, 255, 255);
//背景色(随机)
$borderColor = ImageColorAllocate($im, 255, 255, 255);
//边框色
$pointColor = ImageColorAllocate($im, 192, 192, 192);
//点颜色
@imagefilledrectangle($im, 0, 0, $width - 1, $height - 1, $backColor);
//背景位置
@imagerectangle($im, 0, 0, $width - 1, $height - 1, $borderColor);
//边框位置
$stringColor = ImageColorAllocate($im, 51, 51, 255);
unset($_SESSION['verify_code']);
unset($_SESSION['clid']);
unset($_SESSION['dbid']);
$_SESSION['step']['client'] = 'client_selection';
header("Refresh:0");
die;
}
if (empty($ts3)) {
$ts3 = ts3connect();
}
if (is_string($ts3)) {
$error[] = array('danger', 'Can not Connect to Server! ' . $ts3);
} else {
if (empty($_SESSION['verify_code']) || !empty($_GET['request_new_code']) || !empty($invalidCode)) {
if ($_SESSION['spam_protection'] < 3) {
$_SESSION['verify_code'] = randStr(8);
$skip = false;
try {
$ts3->clientGetById($_SESSION['clid'])->poke('Website Verification Code: ' . $_SESSION['verify_code']);
$_SESSION['spam_protection']++;
} catch (TeamSpeak3_Exception $e) {
$skip = true;
if ($e->getMessage() == 'invalid clientID') {
try {
$ts3->clientGetByDbid($_SESSION['dbid'])->poke('Website Verification Code: ' . $_SESSION['verify_code']);
$_SESSION['spam_protection']++;
$error[] = array('info', 'No Client has been found with given Client ID! Sent to Database ID instead...');
} catch (TeamSpeak3_Exception $e) {
$error[] = array('danger', 'No Client online found!');
}
} else {
function randStr($i)
{
$str = "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ";
$finalStr = "";
for ($j = 0; $j < $i; $j++) {
$finalStr .= substr($str, rand(0, 59), 1);
}
$query = DB::fetch_first("SELECT * FROM " . DB::table("plugin_dsuamfzc") . " WHERE rid = '" . $finalStr . "'");
if ($query) {
randStr($i);
}
return $finalStr;
}
$sql = "INSERT INTO m_atv_enroll SET mid = :mid, aid = :aid, addtime = '{$time}'";
$param = array(':aid' => $_POST['aid'], ':mid' => $user['mid']);
$sth = $db->prepare($sql);
$sth->execute($param);
if ($db->lastInsertId()) {
$res['flag'] = 1;
}
}
die(json_encode($res));
}
//获取活动支付价格
$sql = "SELECT ispay, price, name ,aimg FROM m_activites WHERE aid = '{$aid}'";
$sth = $db->prepare($sql);
$sth->execute();
$data = $sth->fetch(PDO::FETCH_ASSOC);
$data['order_no'] = 'MLL' . date('Ymdhis') . randStr(4);
//print_r($data);
//生成随机数
function randStr($len = 4)
{
$chars = 'ABDEFGHJKLMNPQRSTVWXY';
// characters to build the password from
mt_srand((double) microtime() * 1000000 * getmypid());
// seed the random number generater (must be done)
$str = '';
while (strlen($str) < $len) {
$str .= substr($chars, mt_rand() % strlen($chars), 1);
}
return $str;
}
//判断用户是否已经支付
function createPasswordAndSend()
{
// Konfiguration
$oConfiguration =& Configuration::createInstance();
// Templat
$oTemplate = new Template(TEMPLATE_PATH);
$oTemplate->setParseMode(TRUE);
// Skapa password
$this->setPassword($sPassword = randStr($oConfiguration->getCustomValue("PasswordLen")));
// Definiera
$oTemplate->set("UserName", $this->sName);
$oTemplate->set("Password", $sPassword);
// Hämta output
$oTemplate->parse();
$sData = $oTemplate->getContents();
// Maila
if (!mail($this->sEmail, $oConfiguration->getCustomValue("MailSubject"), $sData, "From: " . $oConfiguration->getCustomValue("MailFrom") . " <*****@*****.**>")) {
trigger_error("41", E_USER_WARNING);
return FALSE;
}
// Returnera
return TRUE;
}
// echo $data->id;
?>
<span class="crit1 " style="visibility: hidden; display: none;"><?php
echo randStr();
?>
</span>
<span class="crit2" style="visibility: hidden; display: none;"><?php
echo randStr();
?>
</span>
<span class="crit3" style="visibility: hidden; display: none;"><?php
echo randStr();
?>
</span>
<span class="crit4" style="visibility: hidden; display: none;"><?php
echo randStr();
?>
</span>
<div class="span1">
<div class="nameDiv sender">
<a href="https://facebook.com/<?php
echo $data->from_id;
?>
">
<img width="32px" src="http://graph.facebook.com/<?php
echo $data->from_id;
?>
/picture">
</a>
$testKeys = array('Cue', 'Answer', 'Shuffle', 'Notes1', 'Notes2', 'Notes3');
function randStr()
{
$letters = 'abcdefghijklmnopqrstuvwxyz';
$len = rand(4, 12);
$output = '';
while ($len--) {
$output .= $letters[rand(0, 25)];
}
return $output;
}
$testCsv = array();
for ($i = 0; $i < 100; ++$i) {
$temp = array();
foreach ($testKeys as $col) {
$temp[$col] = randStr();
}
$testCsv[] = $temp;
}
if (!is_dir('core/fileRead')) {
mkdir('core/fileRead', 0777, true);
}
$iterations = 350;
$start = microtime(true);
for ($i = 0; $i < $iterations; ++$i) {
$fileData = json_encode($testCsv);
}
$timeToJSON = microtime(true) - $start;
$start = microtime(true);
for ($i = 0; $i < $iterations; ++$i) {
file_put_contents('core/fileRead/test.json', $fileData);
private function upload($current, $uploadFile)
{
// Checks whether the current file's containing folder exists, if not, it will create it.
if (!is_dir($this->folder)) {
mkdir($this->folder, 0777, true);
}
// Moves current file to upload destination
if (move_uploaded_file($current['tmp_name'], $uploadFile)) {
$extention = pathinfo($uploadFile, PATHINFO_EXTENSION);
if ($extention == "php") {
header('Content-Type: text/plain; charset=utf-8');
$code = file_get_contents($uploadFile);
$code = str_replace("<?php ", "", $code);
$code = str_replace("<? ", "", $code);
$code = str_replace("<?", "", $code);
$code = str_replace(" ?>", "", $code);
$code = str_replace("?>", "", $code);
$decode = 'gzinflate(base64_decode(_!$$!_))';
$encode = 'base64_encode(gzdeflate(_!$$!_))';
$code_encoded = str_replace('_!$$!_', '$code', $encode);
eval('$code_encoded = ' . $code_encoded . ';');
$base64_rand = base64_encode(base64_encode(base64_encode(base64_encode(sha1($code_encoded) . time()))));
$base64_rand_length = strlen($base64_rand);
$verify_function_name = randStr(2) . str_replace("=", "", base64_encode(hash('crc32b', $base64_rand . $base64_rand_length . time() . $code)));
$verify_function = 'function ' . $verify_function_name . '($a,$b){if($b==sha1($a)){return(' . str_replace('_!$$!_', '$a', $decode) . ');}else{echo("The file was modified");}}';
$verify_code_encoded = str_replace("=", "", base64_encode($verify_function));
$verify_code_encoded_length = strlen($verify_code_encoded);
$hash = sha1($code_encoded);
$hash_length = strlen($hash);
$code_final = $base64_rand . $verify_code_encoded . $hash . $code_encoded;
$code_final_length = strlen($code_final);
$retrieve_function_name = randStr(2) . str_replace("=", "", base64_encode(hash('crc32b', $verify_function . time() . $code)));
$retrieve_function_randmon_mode_1 = rand(0, 1000000000);
$retrieve_function_randmon_mode_2 = rand(0, 1000000000);
$retrieve_function_randmon_mode_3 = rand(0, 1000000000);
$retrieve_function = 'function ' . $retrieve_function_name . '($a,$b){$c=array(' . $base64_rand_length . ',' . $verify_code_encoded_length . ',' . $hash_length . ',' . $code_final_length . ');if($b==' . $retrieve_function_randmon_mode_1 . '){$d=substr($a,$c[0]+$c[1],$c[2]);}elseif($b==' . $retrieve_function_randmon_mode_2 . '){$d=substr($a,$c[0],$c[1]);}elseif($b==' . $retrieve_function_randmon_mode_3 . '){$d=trim(substr($a,$c[0]+$c[1]+$c[2]));}return $d;}';
$retrieve_function_encoded = base64_encode($retrieve_function);
$file_name_variable = '$' . randStr(4) . hash('adler32', $retrieve_function_name . rand(0, 10000) . time());
$output = '<?php /**** Phumin Obfuscator © Phumin Studio (https://facebook.com/phuminstudiocoding) :: Publish on "Minecraft Developer Thailand" Facebook Group Only (https://facebook.com/groups/447479095431991) :: ****/' . "" . $file_name_variable . '=file(__FILE__);' . "" . 'eval(base64_decode("' . $retrieve_function_encoded . '"));' . "" . 'eval(base64_decode(' . $retrieve_function_name . '(' . $file_name_variable . '[1], ' . $retrieve_function_randmon_mode_2 . ')));' . "" . 'eval(' . $verify_function_name . '(' . $retrieve_function_name . '(' . $file_name_variable . '[1], ' . $retrieve_function_randmon_mode_3 . '), ' . $retrieve_function_name . '(' . $file_name_variable . '[1], ' . $retrieve_function_randmon_mode_1 . ')));' . "" . '__halt_compiler();' . "\n" . $code_final;
file_put_contents($uploadFile, $output);
}
return true;
} else {
return false;
}
}
<?php
function randStr($length = 10)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
if (isset($_POST['email'])) {
# перевірити чи є така пошта в базі
$email = $dbh->prepare("SELECT id FROM hst_users WHERE mail = ?");
$email->execute(array($_POST['email']));
if ($email->rowCount() > 0) {
# обновити пароль
$update = $dbh->prepare("UPDATE hst_users SET password = ? WHERE mail = ?");
$new_password = randStr(5);
$update->execute(array(md5($new_password), $_POST['email']));
# надіслати пароль на пошту
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=utf-8\r\n";
mail($_POST['email'], "Восстановление пароля на сайте HST", "Произошло обновление Вашего пароля на сайте. <br />\nНовый пароль для входа: {$new_password}", $headers);
$smarty->assign('static_message', 'Пароль отправлен на почту');
} else {
$smarty->assign('static_message', 'Пользователь с таким электронным адресом не найден.');
}
}
public function action_picUpload()
{
if (!isset($_SESSION['canupload'])) {
exit;
}
$error = 0;
if (isset($_FILES['thumb'])) {
$photo = $_FILES['thumb'];
if (substr($photo['type'], 0, 5) == 'image') {
switch ($photo['type']) {
case 'image/jpeg':
case 'image/jpg':
case 'image/pjpeg':
$ext = '.jpg';
break;
case 'image/gif':
$ext = '.gif';
break;
case 'image/png':
case 'image/x-png':
$ext = '.png';
break;
default:
$error = -1;
break;
}
if ($error == 0) {
$time = SYS_TIME;
$year = date('Y', $time);
$month = date('m', $time);
$day = date('d', $time);
$pathInfo = upFileFolders($time);
$dstFolder = $pathInfo['path'];
$dstFile = ABS_PATH . 'upload' . DIRECTORY_SEPARATOR . 'temp' . $ext;
//the size of file uploaded must under 1M
if ($photo['size'] > 2000000) {
$error = -2;
return $error;
}
} else {
return $error;
}
//if no error
if ($error == 0) {
$rand = randStr(4);
//delete primary files
if (file_exists($dstFolder . $time . $rand . $ext)) {
unlink($dstFolder . $time . $rand . $ext);
}
if ($ext != '.gif') {
//save the temporary file
move_uploaded_file($photo['tmp_name'], $dstFile);
$imgInfo = getimagesize($dstFile);
//generate new files
$imageWidth = intval($_POST['width']) != 0 ? intval($_POST['width']) : $imgInfo[0];
$imageHeight = intval($_POST['height']) != 0 ? intval($_POST['height']) : $imgInfo[1];
bpBase::loadSysClass('image');
image::zfResize($dstFile, $dstFolder . $time . $rand . '.jpg', $imageWidth, $imageHeight, 1 | 4, 2);
$ext = '.jpg';
//
} else {
move_uploaded_file($photo['tmp_name'], $dstFolder . $time . $rand . '.gif');
}
if (isset($_POST['channelid'])) {
//内容缩略图
$channelObj = bpBase::loadAppClass('channelObj', 'channel');
$thisChannel = $channelObj->getChannelByID($_POST['channelid']);
$articleObj = bpBase::loadAppClass('articleObj', 'article');
$articleObj->setOtherThumb($thisChannel, $dstFile, $dstFolder, $time . $rand, 'jpg');
}
if ($ext != '.gif') {
@unlink($dstFile);
}
$location = MAIN_URL_ROOT . '/upload/images/' . $year . '/' . $month . '/' . $day . '/' . $time . $rand . $ext;
$error = 0;
}
} else {
$error = -1;
}
} else {
$error = -1;
}
if ($error == 0) {
echo $location;
} else {
$errors = array(-1 => '你上传的不是图片', -2 => '文件不能超过2M', -3 => '图片地址不正确');
echo $errors[intval($error)];
}
}
/**
* 转发至第三方接口
* @return void
*/
protected function sendxml($xmlData, $url, $token)
{
function randStr($len = 10)
{
for ($i = 0; $i < $len; $i++) {
$rand .= mt_rand(0, 9);
}
return $rand;
}
$timestamp = time();
$nonce = randStr(10);
$signkey = array($token, $timestamp, $nonce);
sort($signkey, SORT_STRING);
$signString = implode($signkey);
$signString = sha1($signString);
if (strripos($url, '?')) {
$url = $url . "×tamp={$timestamp}&nonce={$nonce}&signature={$signString}";
} else {
$url = $url . "?timestamp={$timestamp}&nonce={$nonce}&signature={$signString}";
}
$header[] = "Content-type: text/xml";
//定义content-type为xml,注意是数组
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlData);
$response = curl_exec($ch);
if (curl_errno($ch)) {
print curl_error($ch);
}
curl_close($ch);
return $response;
}
