return false; } $ch = curl_init($url); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($ch); $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpcode >= 200 && $httpcode < 300) { return true; } else { return false; } } if (!urlExists("https://smea.mtheall.com/") && !file_exists(filename)) { $ua = $_SERVER['HTTP_USER_AGENT']; } if (!strstr($ua, "Mozilla/5.0 (Nintendo 3DS; U; ; ") && !strstr($ua, "Mozilla/5.0 (New Nintendo 3DS")) { echo "This exploit only supports the Nintendo 3DS main web-browser(s).\n"; //error_log("3dsbrowserhax_common.php: INVALID USER-AGENT."); exit; } if (!isset($generatebinrop)) { $generatebinrop = 0; } if (isset($_REQUEST['browserver'])) { $browserver = intval($_REQUEST['browserver'], 16); } $browserver_regionbitmask = 0x0; if (!isset($browserver)) {
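/**
 * Pick a fragment whose full URL is not already taken.
 *
 * The candidate URL is the elements of $title joined with '/', followed by
 * '/' and the fragment. While urlExists() reports the candidate as taken,
 * the original fragment is retried with a numeric suffix (-1, -2, ...).
 *
 * The URL is rebuilt from the unchanged prefix on every pass. Appending each
 * new fragment to the previous URL would test an address that does not
 * correspond to the fragment being returned.
 *
 * @param array  $title    Path segments that precede the fragment.
 * @param string $fragment Preferred last segment.
 * @return string The first fragment for which urlExists() returned false.
 */
function uniqueUrl($title, $fragment)
{
    $prefix = implode('/', $title) . '/';
    $candidate = $fragment;
    $suffix = 1;

    // NOTE(review): the loop has no upper bound and urlExists() is defined
    // elsewhere. If it performs a network request per call, consider capping
    // the number of attempts.
    while (urlExists($prefix . $candidate)) {
        $candidate = $fragment . '-' . $suffix;
        $suffix++;
    }

    return $candidate;
}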
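<h1><?php echo $gTitle; ?> </h1>
<?php
// Removal-request handler (fragment: the blocks opened here are closed
// further down, outside this excerpt).
//
// $gRurl is the URL the visitor entered. It is echoed back in several
// messages, so it is HTML-escaped once here and only the escaped copy is ever
// written into markup. The validation regex below is anchored at the start
// only, so a URL that passes it can still carry quotes or angle brackets in
// its path.
$is_valid_url = false;
$url_to_fetch = "";
$bRemovalConfirmed = false;
if ($gRurl) {
    $safeRurl = htmlspecialchars($gRurl, ENT_QUOTES, 'UTF-8');

    // Do some basic validation
    $is_valid_url = preg_match("/^(http|https):\\/\\/([A-Z0-9][A-Z0-9_-]*(?:\\.[A-Z0-9][A-Z0-9_-]*)+):?(\\d+)?\\/?/i", $gRurl);
    if (!$is_valid_url) {
        echo "<p class=warning>The URL entered is invalid: {$safeRurl}</p>\n";
    } else {
        $existingUrl = urlExists($gRurl);
        if (!$existingUrl) {
            echo "<p class=warning>Nothing to remove - the URL \"{$safeRurl}\" doesn't exist in the HTTP Archive.</p>\n";
        } else {
            // make sure we have a trailing slash
            $url_to_fetch = substr($gRurl, -1) == '/' ? $gRurl : $gRurl . '/';
            $url_to_fetch .= 'removehttparchive.txt';
            $safeFetchUrl = htmlspecialchars($url_to_fetch, ENT_QUOTES, 'UTF-8');

            // This requires setting this in php.ini: allow_url_fopen = On
            // NOTE(review): the server fetches a host chosen by the visitor.
            // The regex accepts dotted-numeric hosts, so internal and
            // link-local addresses are not excluded here. fetchUrl() is
            // defined elsewhere; confirm it rejects private/loopback
            // destinations and does not follow redirects to them. The "@"
            // also hides fetch errors that would be useful in logs.
            $bRemovalConfirmed = FALSE === @fetchUrl($url_to_fetch) ? false : true;
            if (!$bRemovalConfirmed) {
                echo "<p class=warning><a href='{$safeFetchUrl}' style='text-decoration: underline; color: #870E00;'>{$safeFetchUrl}</a> was not found.<br>{$safeRurl} is still archived.</p>\n";
            } else {
                removeSite($gRurl); // queue it for removal
                echo "<p class=warning style='margin-bottom: 0;'>{$safeRurl} will be removed within five business days.</p>\n<p style='margin-top: 0;'>You can remove removehttparchive.txt now.</p>";
            }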
<?php
/**
 * Start of a URL reachability check.
 *
 * Returns false when $url loosely equals null (null, '', 0, '0' is NOT
 * included because '0' == null is false). For any other value a cURL handle
 * is created and the function ends without a return statement, so the caller
 * receives null.
 *
 * NOTE(review): no request is executed and the handle is never closed; as
 * written, the function cannot report that a URL exists.
 *
 * @param mixed $url Address to check.
 * @return false|null
 */
function urlExists($url = NULL)
{
    if (null == $url) {
        return false;
    }

    $handle = curl_init($url);
}

// Both calls discard the result.
urlExists("https://stephen-oreilly-test-site.herokuapp.com/");
urlExists("https://smartydemo.herokuapp.com/");
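/**
 * Refresh $_SESSION from the stored user record.
 *
 * With a user id in the session: reloads the record, stamps last_active and
 * last_ip, copies the record into $_SESSION['user'] (never the password
 * field), loads site permissions and derives avatar_url, profile_url and
 * full_name. If the record no longer exists, the session is torn down.
 * Without a user id: marks the session as a non-logged-in visitor.
 *
 * @return void
 */
public function updateUserSession() {
    if (isset($_SESSION['user']['id'])) {
        $data = $this->fetchUserDetailsById($_SESSION['user']['id']);

        if (empty($data)) {
            // session_destroy() removes the stored session but leaves the
            // $_SESSION array populated for the rest of this request. Clear it
            // first so nothing downstream still sees a logged-in user.
            $_SESSION = array();
            session_destroy();

            // Expire the cookie under the name and scope it was issued with.
            // A hard-coded name and default path can miss the real cookie.
            $cookie = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 3600,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httponly']
            );
            return;
        }

        $newData = array();
        $newData['last_active'] = time();
        $newData['last_ip'] = $_SERVER['REMOTE_ADDR'];
        $this->updateUserById($_SESSION['user']['id'], $newData);

        // Drop the password field before copying, so it is never written to
        // the session even if a later call in this method fails.
        unset($data['password']);
        foreach ($data as $key => $value) {
            $_SESSION['user'][$key] = $value;
        }
        // Also purge a value left behind by an earlier request.
        unset($_SESSION['user']['password']);

        $_SESSION['site']['permissions'] = $this->fetchSitePermissionsByUserId($data['id']);
        $_SESSION['user']['logged_in'] = true;

        // Fall back to the default avatar when none is set or it cannot be
        // reached.
        // NOTE(review): urlExists() is defined elsewhere. If it performs an
        // HTTP request, this makes the server contact a URL taken from the
        // user record on every session refresh. Presumably the user can edit
        // that URL, so validate scheme and destination when it is saved.
        $avatarUrl = isset($_SESSION['user']['avatar_url']) ? (string) $_SESSION['user']['avatar_url'] : '';
        if (!strlen(trim($avatarUrl)) || !urlExists($avatarUrl)) {
            $avatarUrl = SITE_DEFAULT_AVATAR_URL;
        }
        $_SESSION['user']['avatar_url'] = $avatarUrl;

        $_SESSION['user']['profile_url'] = BASEURL . '/' . $_SESSION['user']['username'];
        $_SESSION['user']['full_name'] = $_SESSION['user']['first_name'] . ' ' . $_SESSION['user']['last_name'];

        // NOTE(review): set for every logged-in user. Confirm what reads
        // SITE_DEBUG and whether it should be enabled unconditionally.
        $_SESSION['SITE_DEBUG'] = true;
    } else {
        $_SESSION['user']['logged_in'] = false;
        $_SESSION['user']['username'] = '******';
        $_SESSION['user']['avatar_url'] = SITE_DEFAULT_AVATAR_URL;
    }
}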
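// (Fragment: the next lines are the tail of a function whose opening is not
// part of this excerpt; they are reproduced unchanged.)
$query->bindParam(':id', $conn->lastInsertId(), PDO::PARAM_STR);
$query->bindParam(':username', $_SESSION['username'], PDO::PARAM_STR);
$query->execute();
$conn->commit();
} catch (Exception $e) {
    $conn->rollBack();
    // NOTE(review): the raw exception text goes to the browser; log it
    // server-side and show a generic message instead.
    echo "Failed: " . $e->getMessage();
}
}

if (!$_SESSION["logged"]) {
    redirect('index.php');
}

// Profile-picture upload, from a posted file or from a posted image URL.
//
// Hardening applied here:
//  - The login check is repeated in the condition. redirect() is defined
//    elsewhere and may not stop the script.
//  - The stored file name is chosen by the server (content hash + extension
//    of the detected image type). Nothing from the client-supplied name or
//    URL reaches the file system, so the extension cannot be chosen by the
//    client and the path cannot leave $uploadsDir.
//  - Only content detected as JPEG, PNG or GIF is stored.
//  - The URL variant is limited to http/https, because file_get_contents()
//    would otherwise also accept local stream wrappers.
//
// NOTE(review): the URL variant still makes the server request a host chosen
// by the user (urlExists() plus file_get_contents()). Restrict destinations
// (loopback, private and link-local ranges) in the HTTP client or at the
// network layer, and cap the download size. The upload directory should also
// be configured so the web server never executes files stored in it.
if (!empty($_SESSION["logged"]) && (!empty($_FILES['userfile']) || !empty($_POST['urlimage']))) {
    $uploadsDir = 'upload/';
    $imageExtensions = array(
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    );
    $finfo = new finfo(FILEINFO_MIME_TYPE);

    if (!empty($_POST['urlimage']) && is_string($_POST['urlimage'])) {
        $source = $_POST['urlimage'];
        $scheme = strtolower((string) parse_url($source, PHP_URL_SCHEME));

        if (($scheme === 'http' || $scheme === 'https') && urlExists($source)) {
            $contents = file_get_contents($source);
            $mime = ($contents === false) ? false : $finfo->buffer($contents);

            if ($mime !== false && isset($imageExtensions[$mime])) {
                $fileName = sha1($contents) . '.' . $imageExtensions[$mime];
                if (file_put_contents($uploadsDir . $fileName, $contents) !== false) {
                    setProfilePicture($fileName);
                }
            }
        }
    }

    if (isset($_FILES['userfile']['tmp_name'], $_FILES['userfile']['error'])
        && is_string($_FILES['userfile']['tmp_name'])
        && $_FILES['userfile']['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($_FILES['userfile']['tmp_name'])
    ) {
        $source = $_FILES['userfile']['tmp_name'];
        $mime = $finfo->file($source);

        if ($mime !== false && isset($imageExtensions[$mime])) {
            $fileName = sha1_file($source) . '.' . $imageExtensions[$mime];
            if (move_uploaded_file($source, $uploadsDir . $fileName)) {
                setProfilePicture($fileName);
            }
        }
    }
}

if ($_SESSION["logged"]) {
    require 'header.php';
    $query = $conn->prepare("SELECT path, filename FROM files, users WHERE users.username = :username AND users.image_id = files.id");
    $query->bindParam(':username', $_SESSION['username'], PDO::PARAM_STR);
    $result = $query->execute();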
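} else {
    if ($row['count'] == 0) {
        $errorMessage[] = "Please verify your auth database name is correct and the authentication module has been installed.";
    }
}
}
}
}
}
//test the base url if entered
if ($base_url && $base_url != 'http://') {
    // Add a scheme only when the value does not already start with http://
    // or https://. A substring test for 'http://' anywhere in the value
    // turned "https://host" into "http://https://host", and skipped the
    // prefix for a bare host whose query string happened to contain a URL.
    if (!preg_match('#^https?://#i', $base_url)) {
        $base_url = 'http://' . $base_url;
    }
    $test_url = @parse_url($base_url);
    // NOTE(review): urlExists() is defined elsewhere; presumably it requests
    // the installer-supplied address from this server.
    if (!urlExists($base_url)) {
        $errorMessage[] = 'Base URL is invalid';
    }
}
if (count($errorMessage) > 0) {
    // Any validation error sends the installer back to step 4.
    $step = "4";
} else {
    //write the config file
    // NOTE(review): the file is created under ../admin/. If it ends up
    // holding credentials (the write itself is outside this excerpt), make
    // sure the web server refuses to serve it.
    $configFile = "../admin/configuration.ini";
    $fh = fopen($configFile, 'w');
    if (!$fh) {
        $errorMessage[] = "Could not open file " . $configFile . ". Please verify you can write to the /admin/ directory.";
    } else {
        if (!$licensingModule) {
            $licensingModule = "N";
        }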
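/**
 * Download a game's 92x128 box-art cover from the Twitch CDN into images/.
 *
 * @param string $game Game name as it appears in the CDN file name. It is
 *                     also used as the local file name, so values containing
 *                     a path separator or a NUL byte are refused.
 * @return string|false The game name when the cover was stored, otherwise
 *                      false (bad name, cover not found, or download/write
 *                      failure).
 */
function downloadCover($game)
{
    // $game becomes part of "images/<game>.jpg"; without this check a name
    // containing "/" or "\" could place the file outside images/.
    $name = (string) $game;
    if ($name === '' || strpbrk($name, "/\\\0") !== false) {
        return false;
    }

    // NOTE(review): fetched over plain http, so the image can be altered in
    // transit; prefer https if the host PHP build supports it.
    $url = "http://static-cdn.jtvnw.net/ttv-boxart/" . $game . "-92x128.jpg";
    if (!urlExists($url)) {
        return false;
    }

    // Open the stream explicitly so a failed open is reported instead of
    // leaving an empty file behind, and so the handle is closed afterwards.
    $remote = fopen($url, 'r');
    if ($remote === false) {
        return false;
    }

    $temp = "images/" . $game . ".jpg";
    $written = file_put_contents($temp, $remote);
    fclose($remote);

    return ($written === false) ? false : $game;
}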
$event['description'] = str_replace(PHP_EOL, '<br />' . PHP_EOL, $event['description']); return $event; } return false; } // TODO: it would be nice to be able to cleanly remove a synched calendar // TODO: it would be nice to be able unschedule a scheduled sync without removing the calendar // TODO: how about something to extirpate non-synced data (could be done right now by brute force -- once overwrite is implemented -- by marking all of the cached events as invalid and then importing the calendar and overwriting, but that's a little icky) // TODO: right now, if a user changes a synced event in Canvas, it will never get "corrected" back to the ICS feed... we could cache the Canvas events as well as the ICS feed and do a periodic (much less frequent, given the speed of looking everything up in the API) check and re-sync modified events too /* do we have the vital information (an ICS feed and a URL to a canvas object)? */ if (isset($_REQUEST['cal']) && isset($_REQUEST['canvas_url'])) { // TODO: need to do OAuth here, so that users are forced to authenticate to verify that they have permission to update these calendars! if ($canvasContext = getCanvasContext($_REQUEST['canvas_url'])) { /* check ICS feed to be sure it exists */ if (urlExists($_REQUEST['cal'])) { /* look up the canvas object -- mostly to make sure that it exists! */ if ($canvasObject = callCanvasApi(CANVAS_API_GET, $canvasContext['verification_url'])) { /* calculate the unique pairing ID of this ICS feed and canvas object */ $pairingHash = getPairingHash($_REQUEST['cal'], $canvasContext['canonical_url']); debugFlag('START', getSyncTimestamp()); /* tell users that it's started and to cool their jets */ displayPage(' <h3>Calendar Import Started</h3> <p>The calendar import that you requested has begun. You may leave this page at anytime. You can see the progress of the import by visiting <a target="_blank" href="https://' . parse_url(CANVAS_API_URL, PHP_URL_HOST) . 
"/calendar?include_contexts={$canvasContext['context']}_{$canvasObject['id']}\">this calendar</a> in Canvas.</p>"); /* use phpicalendar to parse the ICS feed into $master_array */ define('BASE', './phpicalendar/'); require_once BASE . 'functions/date_functions.php'; require_once BASE . 'functions/init.inc.php'; require_once BASE . 'functions/ical_parser.php'; displayError($master_array, false, null, null, DEBUGGING_GENERAL);