Example #1
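/**
 * Report whether a PIN record exists for the user/device pair named in the
 * "username" and "device" cookies.
 *
 * Before the lookup, PIN rows older than $PIN_EXPIRE_TIME seconds and rows
 * with three or more recorded errors are deleted.
 *
 * Both cookies are supplied by the client. A true result only says that a
 * matching row exists in `pin`; it proves nothing about who sent the request
 * and must not be used as an authentication decision.
 *
 * @return bool True when a matching `pin` row exists; false for missing or
 *              malformed cookies, an unknown user, or a database failure.
 */
function usepin()
{
    global $PIN_EXPIRE_TIME;
    if (!isset($_COOKIE["username"]) || !isset($_COOKIE["device"])) {
        return False;
    }
    $user = $_COOKIE["username"];
    $device = $_COOKIE["device"];
    // A cookie sent as "username[]=x" arrives as an array; only non-empty
    // strings are acceptable as bound query parameters.
    if (!is_string($user) || !is_string($device) || $user === "" || $device === "") {
        return False;
    }
    $link = sqllink();
    if (!$link) {
        return False;
    }
    $sql = "SELECT id FROM `pwdusrrecord` WHERE `username`= ?";
    $res = sqlexec($sql, array($user), $link);
    // sqlexec() can hand back a falsy value on failure (other callers test
    // its result against NULL), so guard before calling fetch() on it.
    if (!$res) {
        return False;
    }
    $record = $res->fetch(PDO::FETCH_ASSOC);
    if ($record == FALSE) {
        return False;
    }
    $id = $record['id'];
    // Housekeeping: drop locked-out and expired PIN rows first so they can
    // never satisfy the lookup below.
    $sql = "DELETE FROM `pin` WHERE `errortimes` >= 3 OR UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP(`createtime`) > ?";
    sqlexec($sql, array($PIN_EXPIRE_TIME), $link);
    $sql = "SELECT * FROM `pin` WHERE `userid`= ? AND `device`= ?";
    $res = sqlexec($sql, array($id, $device), $link);
    if (!$res) {
        return False;
    }
    $record = $res->fetch(PDO::FETCH_ASSOC);
    return $record != FALSE;
}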
Example #2
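/**
 * Validate the current PHP session and refresh its idle timer.
 *
 * The session is accepted only when it is flagged as logged in, has not been
 * idle for longer than $SERVER_TIMEOUT seconds, and its stored user name,
 * password value and user id still match a row in `pwdusrrecord`. Every
 * failure path destroys the session.
 *
 * NOTE(review): the session keeps the stored password value ('pwd') so that
 * it can be re-checked against the database on every request. Confirm that
 * the session storage is protected accordingly.
 *
 * @param mixed $link Database handle from sqllink(); a falsy value is
 *                    treated as a failed check.
 * @return bool TRUE when the session is valid, FALSE otherwise.
 */
function checksession($link)
{
    global $SERVER_TIMEOUT;
    // Starting a session twice raises a notice; only start one when needed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['loginok']) || $_SESSION['loginok'] != 1) {
        session_destroy();
        return FALSE;
    }
    if (!$link || !isset($_SESSION['create_time']) || $_SESSION['create_time'] + $SERVER_TIMEOUT < time()) {
        session_destroy();
        return FALSE;
    }
    // A session that is flagged as logged in but lacks these keys is
    // malformed; treat a missing key like an empty one.
    $usr = isset($_SESSION['user']) ? $_SESSION['user'] : '';
    $pw = isset($_SESSION['pwd']) ? $_SESSION['pwd'] : '';
    $id = isset($_SESSION['userid']) ? $_SESSION['userid'] : '';
    if ($usr == '' || $pw == '' || $id == '') {
        session_destroy();
        return FALSE;
    }
    $sql = "SELECT * FROM `pwdusrrecord` WHERE `username`= ? AND `password`= ? AND `id`= ?";
    $res = sqlexec($sql, array($usr, $pw, $id), $link);
    // Fail closed when the query itself failed instead of calling fetch()
    // on a non-object.
    $record = $res ? $res->fetch(PDO::FETCH_ASSOC) : FALSE;
    if ($record == FALSE) {
        session_destroy();
        return FALSE;
    }
    // Sliding expiry: each successful check restarts the idle timer.
    $_SESSION['create_time'] = time();
    setcookie("ServerRenew", "1");
    return TRUE;
}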
Example #3
/**
 * Record one page view (client address, timestamp, page name) in
 * t_viewrecord.
 *
 * NOTE(review): the statement is assembled by string formatting and
 * $pagename is placed inside a quoted SQL literal without escaping. If any
 * caller passes a request-derived page name this is SQL injection. The
 * one-argument sqlexec() used here shows no way to bind parameters; move
 * this insert to a prepared statement once the helper supports it, and
 * until then only pass page names from a fixed list.
 *
 * @param string $pagename Name of the page being viewed.
 */
function viewrecord($pagename)
{
    $clientIp = $_SERVER["REMOTE_ADDR"];
    $now = date('Y-m-d H:i:s');
    $statement = sprintf(
        "insert into t_viewrecord(ip,updatetime,viewpage) values('%s','%s','%s')",
        $clientIp,
        $now,
        $pagename
    );
    sqlexec($statement);
}
Example #4
/**
 * Append one row to the `history` table.
 *
 * The new row id is computed as max(`id`) + 1 and the row is stamped with
 * CURRENT_TIMESTAMP by the database.
 *
 * NOTE(review): the id is read and then written in two separate statements,
 * so two concurrent calls can compute the same id. Whether that causes a
 * failed insert or a duplicate depends on the table definition, which is
 * not visible here.
 *
 * @param mixed $link    Database handle.
 * @param mixed $userid  Id of the user the event belongs to.
 * @param mixed $ip      Client address to record.
 * @param mixed $ua      Client user-agent string to record.
 * @param mixed $outcome Outcome value to record.
 */
function loghistory($link, $userid, $ip, $ua, $outcome)
{
    $maxRow = sqlquery("SELECT max(`id`) AS `m` FROM `history`", $link)->fetch(PDO::FETCH_ASSOC);
    if ($maxRow == FALSE) {
        $nextId = 0;
    } else {
        $nextId = (int) $maxRow['m'] + 1;
    }
    // All caller-supplied values are bound, never concatenated.
    $insert = "INSERT INTO `history` VALUES (?,?,?,?,?,CURRENT_TIMESTAMP)";
    sqlexec($insert, array($nextId, $userid, $ip, $ua, $outcome), $link);
}
Example #5
/**
 * Remove `process` rows whose process is no longer running, together with
 * the matching directory under qqbot/.
 *
 * NOTE(review): the directory passed to deldir() is built from the row's
 * `id` column. Presumably that column only ever holds server-generated
 * values; confirm, because a value containing path separators would steer
 * the recursive delete outside qqbot/.
 *
 * @param mixed $link Database handle.
 */
function delete_old_process($link)
{
    $rows = sqlquery('SELECT * FROM `process` where 1', $link);
    while ($row = $rows->fetch(PDO::FETCH_ASSOC)) {
        if (pstatus($row['pid'])) {
            // Still running: leave the row and its directory alone.
            continue;
        }
        sqlexec('DELETE FROM `process` where pid=?', array($row['pid']), $link);
        deldir('qqbot/' . $row['id']);
    }
}
Example #6
/**
 * Delete every `talkrecord` row whose `expire` date is today or earlier.
 *
 * The count is taken by a separate SELECT before the DELETE, so the returned
 * number can differ from the rows actually removed if the table changes
 * between the two statements.
 *
 * @param mixed $link Database handle.
 * @return mixed Number of rows that matched the expiry condition, as
 *               returned by the database driver.
 */
function deleteexpire($link)
{
    $today = date('Y-m-d');
    $countRow = sqlexec("SELECT COUNT(`id`) FROM `talkrecord` WHERE ? >= `expire`", array($today), $link)
        ->fetch(PDO::FETCH_NUM);
    $expired = $countRow[0];
    sqlexec("DELETE FROM `talkrecord` WHERE ? >= `expire`", array($today), $link);
    return $expired;
}
Example #7
<?php

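/**
 * Report whether a process with the given id is currently running.
 *
 * The id is validated as a positive integer before it is placed on the
 * `ps` command line. The previous version concatenated the raw value, so
 * any shell metacharacters in it were interpreted by the shell.
 *
 * @param mixed $pid Process id (integer or numeric string).
 * @return bool True when `ps -p` lists the process; false when it does not
 *              or when $pid is not a positive integer.
 */
function pstatus($pid)
{
    $validPid = filter_var($pid, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($validPid === false) {
        return false;
    }
    $lines = array();
    // $validPid is an int here, so nothing but digits reaches the shell.
    exec('ps -p ' . $validPid, $lines);
    // Line 0 is the ps header; a second line means the process was listed.
    return isset($lines[1]);
}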
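require_once 'function/sqllink.php';
// Endpoint: stop the process registered under the posted `sid`.
// Responses are fixed JSON strings. An unknown id deliberately gets the same
// "SUCC" reply as a successful stop, so callers cannot probe which ids exist.
//
// NOTE(review): no session or login check is visible in this script; the
// request is authorised only by knowledge of the `sid` value. Confirm that
// this is intended and that `sid` is long and unpredictable.
if (!isset($_POST['id']) || !is_string($_POST['id'])) {
    die('{"retcode":999,"msg":"CAN NOT FIND ID IN THE PARAMETER"}');
}
$link = sqllink();
if (!$link) {
    die('{"retcode":99,"msg":"DATABASE ERROR"}');
}
$res = sqlexec('SELECT * FROM `process` where `sid`=?', array($_POST['id']), $link);
if (!$res) {
    // A failed query is a database error, not "no such id".
    die('{"retcode":99,"msg":"DATABASE ERROR"}');
}
$result = $res->fetch(PDO::FETCH_ASSOC);
if ($result == FALSE) {
    die('{"retcode":0,"msg":"SUCC"}');
}
//don't tell malicious person the id does not exist
// The stored pid goes onto a shell command line, so accept only a positive
// integer. Zero and negative values are rejected as well: `kill` treats
// them as process groups rather than as a single process.
$pid = filter_var($result['pid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
if ($pid !== false && pstatus($pid)) {
    shell_exec("kill " . $pid);
}
die('{"retcode":0,"msg":"SUCC"}');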
Example #8
<?php

require_once "function/encryption.php";
require_once "function/sqllink.php";
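// Login endpoint. Reply codes: "0" missing input or unknown user,
// "1" wrong password, "4" database error, "9" success.
//
// NOTE(review): "0" and "1" let a caller tell an unknown user from a wrong
// password. The client may depend on these codes, so they are unchanged
// here; consider one shared failure code.
// NOTE(review): the stored password is recovered with decrypt(), i.e. it is
// kept in reversible form. A one-way password hash (password_hash() /
// password_verify()) would avoid holding recoverable passwords server-side.
session_start();
$usr = isset($_POST['user']) ? $_POST['user'] : "";
$pw = isset($_POST['pwd']) ? $_POST['pwd'] : "";
// Request fields can arrive as arrays ("pwd[]=x"). Insist on non-empty
// strings before they reach the query or the comparison.
if (!is_string($usr) || !is_string($pw) || $pw === "" || $usr === "") {
    die("0");
}
$link = sqllink();
if (!$link) {
    die('4');
}
$sql = "SELECT * FROM `pwdusrrecord` WHERE `username`= ?";
$res = sqlexec($sql, array($usr), $link);
if (!$res) {
    die('4');
}
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    die('0');
}
// hash_equals() compares in constant time and only accepts strings.
// The previous strcmp(...) != 0 test was unsafe with non-string input:
// before PHP 8 strcmp() returns NULL for an array argument, and NULL != 0
// is false, so the check passed without the password being compared.
$stored = decrypt($record["password"], $GLOBAL_SALT_3);
if (!is_string($stored) || !hash_equals($stored, $pw)) {
    die("1");
}
// Issue a fresh session id at the privilege change so an id that was known
// before login is not carried into the authenticated session.
session_regenerate_id(true);
$_SESSION['loginok'] = 1;
$_SESSION['user'] = $usr;
$_SESSION['userid'] = $record['id'];
$_SESSION['pwd'] = $record['password'];
echo "9";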
Example #9
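/**
 * Build a random string of digits and ASCII letters.
 *
 * Characters are drawn with random_int(), which uses the operating system's
 * CSPRNG (PHP 7.0+). The previous mt_rand() source is predictable once a
 * few outputs are known, which matters because the result is used as a
 * secret value (`pinpk`).
 *
 * @param int $length Number of characters; zero or less yields ''.
 * @return string Random string over [0-9a-zA-Z].
 */
function random_str($length)
{
    // Same alphabet and ordering as before: 0-9, a-z, A-Z.
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $last = strlen($alphabet) - 1;
    $str = '';
    for ($i = 0; $i < $length; $i++) {
        $str .= $alphabet[random_int(0, $last)];
    }
    return $str;
}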
require_once "function/sqllink.php";
require_once "function/encryption.php";
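// Register a PIN for the logged-in user on one device and return the
// server-generated `pinpk` value. Any failure replies "0".
$link = sqllink();
if (!checksession($link)) {
    die("0");
}
$id = $_SESSION['userid'];
$usr = $_SESSION['user'];
// All three fields are required and must be plain strings; an array-valued
// field would otherwise reach the bound parameters.
foreach (array('user', 'device', 'sig') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        die('0');
    }
}
$username = $_POST['user'];
$device = $_POST['device'];
$sig = $_POST['sig'];
// The row is keyed by the session's user id; the posted name only has to
// agree with the session. Strict comparison avoids numeric-string juggling.
if ($username !== $usr) {
    die('0');
}
// One PIN per user/device pair: drop any previous row before inserting.
$sql = "DELETE FROM `pin` WHERE `userid`= ? AND `device`= ?";
$res = sqlexec($sql, array($id, $device), $link);
$pinpk = random_str(29);
// The User-Agent header is optional; store an empty string when absent.
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$sql = "INSERT INTO `pin` (`userid`,`device`,`pinsig`,`pinpk`,`ua`) VALUES (?,?,?,?,?)";
$res = sqlexec($sql, array($id, $device, $sig, $pinpk, $ua), $link);
if (!$res) {
    // Do not hand out a pinpk that was never stored.
    die('0');
}
echo $pinpk;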
Example #10
    die('0');
}
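// Update one stored entry of the logged-in user inside the transaction that
// the earlier part of this script opened. Replies "1" on success, "0" on
// any failure.
$sql = "SELECT * FROM `password` WHERE `userid`= ? AND `index`= ? ";
$res = sqlexec($sql, array($id, (int) $index), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    $link->commit();
    die("0");
}
// The new value is mandatory and must be a string.
if (!isset($_POST['newpwd']) || !is_string($_POST['newpwd'])) {
    $link->rollBack();
    die("0");
}
$ppwd = $_POST['newpwd'];
// Per-entry key: same 8-digit range as before, now drawn from the CSPRNG
// (random_int, PHP 7.0+) instead of the predictable mt_rand().
// NOTE(review): the key is written to the `key` column of the same row as
// the ciphertext, so it gives no protection if the table is disclosed.
// Presumably the value is already encrypted client-side; confirm.
$pubkey = random_int(10000000, 99999999);
$newpw = encrypt($ppwd, $pubkey);
// Column names below are fixed literals; only the values are caller data,
// and those are bound.
$changedCols = "`key` = ? ,`pwd` = ?";
$values = array($pubkey, $newpw);
if (isset($_POST["name"])) {
    $changedCols .= " ,`name` = ?";
    array_push($values, $_POST["name"]);
}
if (isset($_POST["other"])) {
    $changedCols .= " ,`other` = ?";
    array_push($values, $_POST["other"]);
}
array_push($values, $id, (int) $index);
$sql = "UPDATE `password` SET " . $changedCols . " WHERE `userid` = ? AND `index`= ?";
$res = sqlexec($sql, $values, $link);
if ($res == NULL) {
    $link->rollBack();
    die("0");
}
$link->commit();
echo "1";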
Example #11
    die(0);
}
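// PIN login: the client proves knowledge of the stored `pinsig` by sending
// sha512(pinsig . random_login_stamp). Replies: the `pinpk` value on
// success, "1" on a wrong signature, "0" on any other failure.
$user = isset($_POST['user']) ? $_POST['user'] : "";
$device = isset($_POST['device']) ? $_POST['device'] : "";
if (!is_string($user) || !is_string($device) || $user === "" || $device === "") {
    die("0");
}
// A missing or non-string signature is treated as an empty one, so it is
// counted as a failed attempt below rather than silently ignored.
$clientSig = (isset($_POST['sig']) && is_string($_POST['sig'])) ? $_POST['sig'] : "";
$sql = "SELECT `id` FROM `pwdusrrecord` WHERE `username`= ?";
$res = sqlexec($sql, array($user), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    die("0");
}
$id = $record['id'];
// Purge locked-out (three or more errors) and expired PIN rows first.
$sql = "DELETE FROM `pin` WHERE `errortimes` >= 3 OR UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP(`createtime`) > ?";
$res = sqlexec($sql, array($PIN_EXPIRE_TIME), $link);
$sql = "SELECT `pinsig`,`pinpk` FROM `pin` WHERE `userid`= ? AND `device`=?";
$res = sqlexec($sql, array($id, $device), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    die("0");
}
$sig = $record['pinsig'];
// Without a server-issued stamp the expected value would be a constant
// hash of pinsig and could be replayed, so an empty stamp never verifies.
$stamp = isset($_SESSION['random_login_stamp']) ? (string) $_SESSION['random_login_stamp'] : "";
$expected = hash('sha512', (string) $sig . $stamp);
// hash_equals() is a constant-time comparison that only accepts strings;
// strcmp() is neither.
if ($stamp !== "" && hash_equals($expected, $clientSig)) {
    $sql = "UPDATE `pin` SET `errortimes`=0 WHERE `userid`= ? AND `device`=?";
    $res = sqlexec($sql, array($id, $device), $link);
    die($record['pinpk']);
}
$sql = "UPDATE `pin` SET `errortimes`=`errortimes`+1 WHERE `userid`= ? AND `device`=?";
$res = sqlexec($sql, array($id, $device), $link);
die('1');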
Example #12
// Return every stored entry of the logged-in user as JSON and, when the
// request asks for it (a=farray), the user's file list as well.
//
// NOTE(review): the response carries the decrypt()ed `pwd` values together
// with the global salts. Presumably these values are still protected by
// client-side encryption; confirm, and make sure the response is never
// cached or logged.
$link = sqllink();
if (checksession($link) == FALSE) {
    die('0');
}
$id = $_SESSION['userid'];
$arr = [];
$res = sqlexec("SELECT * FROM `password` WHERE `userid`= ?", [$id], $link);
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
    // Keyed by the entry's integer index: [name, decrypted value, other].
    $arr[(int) $row['index']] = [$row['name'], decrypt($row['pwd'], $row['key']), $row['other']];
}
// Default file section when the file list was not requested.
$farray = ['status' => 'NO', 'random' => mt_rand(10000, 50000)];
if ($_POST['a'] == 'farray') {
    $fileRows = [];
    $res = sqlexec("select * from `files` WHERE `userid`=?", [$id], $link);
    while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
        $fileRows[(int) $row['index']] = [$row['fname'], $row['key'], $row['files']];
    }
    $farray = ['status' => 'OK', 'data' => $fileRows];
}
echo json_encode([
    'status' => 'OK',
    'VERSION' => $VERSION,
    'JSsalt' => $GLOBAL_SALT_1,
    'PWsalt' => $GLOBAL_SALT_2,
    'ALPHABET' => $DEFAULT_LETTER_USED,
    'data' => $arr,
    'fdata' => $farray,
]);
Example #13
}
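// Re-validate the session's credentials, then add a new entry for the user.
// Replies "1" on success and "0" on any failure.
$sql = "SELECT * FROM `pwdusrrecord` WHERE `username`= ? AND `password`= ? AND `id`= ?";
$res = sqlexec($sql, array($usr, $pw, $id), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    session_destroy();
    die("0");
}
$ppwd = $_POST['newpwd'];
// Per-entry key: same 8-digit range as before, now from the CSPRNG
// (random_int, PHP 7.0+) instead of the predictable mt_rand().
// NOTE(review): the key is stored in the same row as the ciphertext, so it
// gives no protection if the table is disclosed; confirm that the value is
// already encrypted client-side.
$pubkey = random_int(10000000, 99999999);
$newpw = encrypt($ppwd, $pubkey);
$name = $_POST['name'];
if (!$link->beginTransaction()) {
    die('0');
}
// Next index for this user is max(index) + 1, read inside the transaction.
$sql = "SELECT max(`index`) FROM `password` WHERE `userid`= ?";
$res = sqlexec($sql, array($id), $link);
$record = $res->fetch(PDO::FETCH_NUM);
if ($record == FALSE) {
    $nid = 1;
} else {
    $nid = (int) $record[0] + 1;
}
$sql = "INSERT INTO `password` VALUES (?, ?, ?, ?,?)";
$res = sqlexec($sql, array($nid, $id, $name, $newpw, $pubkey), $link);
// Check the INSERT result. The old code tested $record, which still held
// the row from the max() query, so a failed insert was committed and
// reported as success.
if ($res == NULL) {
    $link->rollBack();
    // die(0) with an integer sets the exit status and prints nothing; the
    // client expects the string "0" like every other failure path.
    die("0");
}
$link->commit();
echo "1";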
Example #14
 /**
  * Insert or refresh the t_wxreguser row for the sender of a message.
  *
  * NOTE(review): all three statements are built by placing $wxid (read from
  * the incoming message object) and $keyword inside quoted SQL literals
  * without escaping. Both values originate outside this application, so
  * this is SQL injection unless get_mydata()/sqlexec() escape internally,
  * which is not visible here. Switch to bound parameters once the helpers
  * support them.
  *
  * @param object $object  Incoming message; FromUserName is used as the id.
  * @param string $keyword Keyword to store for the user.
  * @return bool Always true.
  */
 private function updatewxuserid($object, $keyword)
 {
     // Update the wxid record.
     $wxid = $object->FromUserName;
     $updatetime = date('Y-m-d H:i:s');
     $lookup = "select * from t_wxreguser where wxid='{$wxid}'";
     $isNewUser = get_mydata($lookup) == false;
     if ($isNewUser) {
         $statement = "insert into t_wxreguser (wxid,regtime,keyword,updatetime) values ('{$wxid}','{$updatetime}','{$keyword}','{$updatetime}')";
     } else {
         $statement = "update t_wxreguser set keyword='{$keyword}',updatetime ='{$updatetime}' where wxid='{$wxid}'";
     }
     sqlexec($statement);
     return true;
 }
Example #15
    die("0");
}
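// Re-validate the session's credentials, then replace the stored value of
// one entry. Replies "1" on success and "0" on any failure.
$sql = "SELECT * FROM `pwdusrrecord` WHERE `username`= ? AND `password`= ? AND `id`= ?";
$res = sqlexec($sql, array($usr, $pw, $id), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    session_destroy();
    die("0");
}
// Both fields are required; reject the request before opening a
// transaction when either is missing or not a scalar string.
if (!isset($_POST['index'], $_POST['newpwd']) || !is_string($_POST['index']) || !is_string($_POST['newpwd'])) {
    die("0");
}
$index = $_POST['index'];
if (!$link->beginTransaction()) {
    die('0');
}
// The entry must exist and belong to the session's user.
$sql = "SELECT * FROM `password` WHERE `userid`= ? AND `index`= ? ";
$res = sqlexec($sql, array($id, (int) $index), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    $link->commit();
    die("0");
}
$ppwd = $_POST['newpwd'];
// CSPRNG-backed key in the same 8-digit range the code used with
// mt_rand(); random_int() needs PHP 7.0+.
$pubkey = random_int(10000000, 99999999);
$newpw = encrypt($ppwd, $pubkey);
$sql = "UPDATE `password` SET `key` = ? ,`pwd` = ?  WHERE `userid` = ? AND `index`= ?";
$res = sqlexec($sql, array($pubkey, $newpw, $id, (int) $index), $link);
if ($res == NULL) {
    $link->rollBack();
    die("0");
}
$link->commit();
echo "1";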
Example #16
        echo "<p>对不起,没有查找到您要发送的模版内容!---</p>" . $date;
        return;
    } else {
        echo "<p>正在发送模板消息!---</p>" . $date;
        $weixin = new class_weixin();
        foreach ($datatemp_array as $row) {
            $wxid = $row['wxid'];
            $cdkey = $row['cdkey'];
            $username = $row['username'];
            $carnum = $row['carnum'];
            $arrivetime = $row['arrivetime'];
            $kindname = $row['kindname'];
            $arriveposition = $row['spotpositionname'];
            $sendtime = date("Y-m-d H:i:s");
            //
            $result = $weixin->sendtemplatemsg($wxid, $cdkey, $username, $carnum, $arrivetime, $kindname, $arriveposition);
            if ($result == 0) {
                $sql = "update t_wxsendtemplate set sendcount = sendcount +1,sendstatus ='ok',sendtime ='" . $sendtime . "' where cdkey ='" . $cdkey . "'";
                sqlexec($sql);
            } else {
                $sql = "update t_wxsendtemplate set sendcount = sendcount +1,sendstatus ='" . $result . "',sendtime ='" . $sendtime . "' where cdkey ='" . $cdkey . "'";
                sqlexec($sql);
            }
            usleep(50000);
        }
    }
}
?>

   	
</html>
Example #17
}
echoheader();
?>
<script type="text/javascript" src="aes.js"></script>
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="en.js"></script>
<div class="container theme-showcase">
<div class="page-header">
        <h1>Get Your Message</h1>
</div>
<div id='showarea'>
<?php 
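// Look up the message by its code and render either an error or the
// passphrase prompt.
//
// addslashes() is not needed for the query (the code is a bound parameter).
// It is kept because $code may be reused further down this page, which is
// not visible here.
// NOTE(review): if $code is later written into the inline script,
// addslashes() is not a sufficient encoder for that context; use
// json_encode() there.
$code = addslashes((isset($_GET['f']) && is_string($_GET['f'])) ? $_GET['f'] : '');
$link = sqllink();
$sql = "SELECT `hint` FROM `talkrecord`  WHERE `code`=?";
$res = sqlexec($sql, array($code), $link);
$hint = $res ? $res->fetch(PDO::FETCH_ASSOC) : false;
if ($hint == false) {
    echo '<p>ERROR:Your message doesn\'t exists! Maybe it has been viewed or expired.</p><br />';
} else {
    echo '<form>Please input your Passphrase:<input type="text" id="pcc" /></form> <button id="bu" class="btn btn-md btn-danger" onClick="d()">Confirm</button><br /><br />';
    if ($hint['hint'] != '') {
        // The hint is free text chosen by the sender and shown to another
        // person. Encode it for HTML so markup in it is displayed, not
        // executed (stored XSS otherwise).
        echo '<span style="color:red">Passphrase Hint: ' . htmlspecialchars($hint['hint'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</span><br /><br />';
    }
    echo 'You should get the passphrase (key) from the sender.<br /><br /><span style="color:blue">Please Notice: this message can be displayed only ONCE, the message will be deleted from the server once you see it.</span>';
}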
?>
</div>
<script type="text/javascript">
function d()
{
<?php

/**
 * Send a JSON error object and stop the script.
 *
 * The body has the shape {"status":"error","message":...}. json_encode()
 * takes care of escaping the message text.
 *
 * @param string $msg Message shown to the client.
 */
function error($msg)
{
    $payload = array("status" => "error", "message" => $msg);
    // die() with a string prints it before terminating.
    die(json_encode($payload));
}
require_once "function/sqllink.php";
// Return one stored file (key and content) of the logged-in user as JSON.
// The lookup is restricted to the session's user id, so a caller cannot
// fetch another user's file by guessing an index.
$link = sqllink();
if (!checksession($link)) {
    error("AUTHENTICATION ERROR, PLEASE RELOGIN");
}
$id = $_SESSION['userid'];
// The file index must be present and a positive integer.
$hasValidIndex = isset($_POST['id']) && (int) $_POST['id'] >= 1;
if (!$hasValidIndex) {
    error("Parameter Error");
}
$index = (int) $_POST['id'];
$row = sqlexec("SELECT `key`,`files` FROM `files` WHERE `userid`= ? and `index`=?", array($id, $index), $link)
    ->fetch(PDO::FETCH_ASSOC);
if ($row == False) {
    error("No File Can Be Downloaded");
}
echo json_encode(array(
    'status' => 'success',
    'key' => $row['key'],
    'data' => $row['files'],
));
Example #19
if ($record == FALSE) {
    session_destroy();
    die("0");
}
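// Change the account password and re-encrypt every stored entry with the
// values supplied by the client, all in one transaction. Replies "1" on
// success and "0" on any failure.
if (!isset($_POST['newpass'], $_POST['accarray'], $_POST['passarray'])
    || !is_string($_POST['newpass'])
    || !is_string($_POST['accarray'])
    || !is_string($_POST['passarray'])
) {
    die("0");
}
// Decode to PHP arrays so both JSON arrays and JSON objects keyed by index
// can be read with [] below; anything else is rejected up front.
$accarray = json_decode($_POST['accarray'], true);
$passarray = json_decode($_POST['passarray'], true);
if (!is_array($accarray) || !is_array($passarray)) {
    die("0");
}
$newpass = encrypt($_POST['newpass'], $GLOBAL_SALT_3);
if (!$link->beginTransaction()) {
    die('0');
}
$sql = "UPDATE `pwdusrrecord` SET `password`= ? WHERE `id`= ? ";
$res = sqlexec($sql, array($newpass, $id), $link);
if ($res == NULL) {
    $link->rollBack();
    die("0");
}
$sql = "SELECT `index` FROM `password` WHERE `userid`= ?";
$res = sqlexec($sql, array($id), $link);
while ($i = $res->fetch(PDO::FETCH_ASSOC)) {
    $idx = (int) $i["index"];
    // Every existing entry needs a replacement name and value. Without this
    // check a missing element would overwrite the entry with an encrypted
    // empty value and the original data would be lost.
    if (!isset($accarray[$idx], $passarray[$idx])) {
        $link->rollBack();
        die("0");
    }
    // Per-entry key from the CSPRNG (random_int, PHP 7.0+), same 8-digit
    // range as the previous mt_rand() call.
    $pubkey = random_int(10000000, 99999999);
    $storepw = encrypt($passarray[$idx], $pubkey);
    $sql = "UPDATE `password` SET `name`= ?, `pwd`=?, `key`=? WHERE `userid`=? AND `index`= ?";
    $resss = sqlexec($sql, array($accarray[$idx], $storepw, $pubkey, $id, $idx), $link);
    if ($resss == NULL) {
        $link->rollBack();
        die("0");
    }
}
$link->commit();
echo "1";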
<?php

require_once "function/sqllink.php";
require_once "function/encryption.php";
// Store the posted `fields` value for the logged-in user and mirror it in
// the session. Replies "1" on success and "0" when the parameter is missing
// or the session is invalid.
//
// NOTE(review): `fields` is stored exactly as received. The bound parameter
// makes that safe for SQL, but whatever renders the value later has to
// encode it for its own output context.
$link = sqllink();
// Short-circuit keeps the original order: the parameter is checked before
// the session is touched.
if (!isset($_POST['fields']) || checksession($link) == FALSE) {
    die('0');
}
$id = $_SESSION['userid'];
$fields = $_POST['fields'];
$res = sqlexec("UPDATE `pwdusrrecord` SET `fields`= ? WHERE `id`= ? ", array($fields, $id), $link);
$_SESSION['fields'] = $fields;
echo "1";
Example #21
    die('6');
}
// Create the account inside one transaction. Reply codes: "4" transaction
// could not be started, "0" user name taken, "1" e-mail taken, "8" insert
// failed, "9" success.
//
// NOTE(review): "0" and "1" confirm to any caller that a user name or
// e-mail address is already registered.
// NOTE(review): the password is stored via encrypt() with a global salt.
// Elsewhere on this page the stored value is read back with decrypt(), so
// it is recoverable; a one-way password hash is the usual choice.
if (!$link->beginTransaction()) {
    die('4');
}
// Column names come from this fixed list, never from the request.
$uniqueChecks = array(
    array('username', $usr, "0"),
    array('email', $email, "1"),
);
foreach ($uniqueChecks as $check) {
    list($column, $value, $replyCode) = $check;
    $countRow = sqlexec("SELECT COUNT(*) FROM `pwdusrrecord` WHERE `{$column}`= ?", array($value), $link)
        ->fetch(PDO::FETCH_NUM);
    if ($countRow[0] != 0) {
        $link->commit();
        die($replyCode);
    }
}
$kp = encrypt($pw, $GLOBAL_SALT_3);
// The new id is max(id) + 1, read inside the transaction.
$maxRow = sqlquery('SELECT max(`id`) FROM `pwdusrrecord`', $link)->fetch(PDO::FETCH_NUM);
$maxnum = $maxRow == FALSE ? 0 : (int) $maxRow[0];
$rett = sqlexec(
    "INSERT INTO `pwdusrrecord` VALUES (?,?,?,?,?)",
    array($maxnum + 1, $usr, $kp, $DEFAULT_FIELDS, $email),
    $link
);
if (!$rett) {
    $link->rollBack();
    die('8');
}
$link->commit();
die('9');
Example #22
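        // Six-character lookup code over [0-9a-z]. The code is what the
        // recipient uses to find the message, so it is drawn from the
        // CSPRNG (random_int, PHP 7.0+) rather than the predictable rand().
        // NOTE(review): six characters from 36 is a small space; consider a
        // longer code and rate limiting on the lookup page.
        $code = '';
        for ($i = 1; $i <= 6; $i++) {
            $c = random_int(0, 35);
            // 0-9 map to the digit itself, 10-35 to 'a'..'z'.
            $code .= $c < 10 ? (string) $c : chr($c - 10 + ord("a"));
        }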
        $sql = "SELECT COUNT(*) FROM `talkrecord`  WHERE `code`=?";
        $res = sqlexec($sql, array($code), $link);
        $num = $res->fetch(PDO::FETCH_NUM);
        $num = $num[0];
        if ($num == 0) {
            break;
        }
    }
    $sql = "SELECT max(`id`) FROM `talkrecord`";
    $res = sqlquery($sql, $link);
    $num = $res->fetch(PDO::FETCH_NUM);
    if ($num == FALSE) {
        $id = 0;
    } else {
        $id = $num[0];
    }
    $id = $id + 1;
    $sql = "INSERT INTO `talkrecord` VALUES (?,?,?,?,?,?);";
    $res = sqlexec($sql, array($id, $m, $expire, $code, $p, $phint), $link);
    $_SESSION['c'] = $DOMAIN_NAME . $code;
    die($code);
}
Example #23
    die('6');
}
// Account creation in a single transaction. Reply codes: "4" transaction
// could not be started, "0" user name already registered, "1" e-mail
// already registered, "8" insert failed, "9" account created.
//
// NOTE(review): the id is computed as max(id) + 1; whether concurrent
// sign-ups can collide depends on the transaction isolation level and the
// table's key definition, neither of which is visible here.
$txStarted = $link->beginTransaction();
if (!$txStarted) {
    die('4');
}

// User name must be unused.
$nameCount = sqlexec("SELECT COUNT(*) FROM `pwdusrrecord` WHERE `username`= ?", array($usr), $link)
    ->fetch(PDO::FETCH_NUM);
if ($nameCount[0] != 0) {
    $link->commit();
    die("0");
}

// E-mail address must be unused.
$mailCount = sqlexec("SELECT COUNT(*) FROM `pwdusrrecord` WHERE `email`= ?", array($email), $link)
    ->fetch(PDO::FETCH_NUM);
if ($mailCount[0] != 0) {
    $link->commit();
    die("1");
}

$storedPassword = encrypt($pw, $GLOBAL_SALT_3);
$maxRow = sqlquery('SELECT max(`id`) FROM `pwdusrrecord`', $link)->fetch(PDO::FETCH_NUM);
if ($maxRow == FALSE) {
    $highestId = 0;
} else {
    $highestId = (int) $maxRow[0];
}
$inserted = sqlexec(
    "INSERT INTO `pwdusrrecord` VALUES (?,?,?,?)",
    array($highestId + 1, $usr, $storedPassword, $email),
    $link
);
if (!$inserted) {
    $link->rollBack();
    die('8');
}
$link->commit();
die('9');