function postRequest($url, $data)
{
$url = parseUrl($url);
$eol = "\r\n";
$headers = "POST " . $url['path'] . " HTTP/1.1" . $eol . "Host: " . $url['host'] . ":" . $url['port'] . $eol . "Referer: " . $url['protocol'] . $url['host'] . ":" . $url['port'] . $url['path'] . $eol . "Content-Type: application/x-www-form-urlencoded" . $eol . "Content-Length: " . strlen($data) . $eol . $eol . $data;
return makeRequest($url, $headers);
}
function getRequest($url)
{
$url = parseUrl($url);
$eol = "\r\n";
$headers = "GET " . $url['path'] . "?" . $url['query'] . " HTTP/1.1" . $eol . "Host: " . $url['host'] . ":" . $url['port'] . $eol . "Connection: close" . $eol . $eol;
return makeRequest($url, $headers);
}
public function getUserInfo($params = array())
{
$params['appkey'] = $this->str_appid;
$params['uid'] = $params['uid'];
$params['create_at'] = $params['create_at'];
$params['expire_in'] = $params['expire_in'];
$params['method'] = 'oauth2/get_token_info';
$response = makeRequest($this->str_url, $params, "GET");
$userinfo = json_decode($response, true);
return $userinfo;
}
public function getOembed($url)
{
//parse contents for display
switch ($format) {
case "json":
//JSON
$this->oembed_string = makeRequest($this->resource_url);
$this->oembed_object = json_decode($this->oembed_string);
break;
case "xml":
//XML
$this->oembed_string = makeRequest($this->resource_url);
$this->oembed_object = new SimpleXMLElement($this->oembed_string);
break;
default:
//HTML
$oembed_array = $this->getOembedUrlFromMetadata($this->resource_url);
$this->oembed_string = file_get_contents($oembed_array['oembed']);
$this->oembed_object = new SimpleXMLElement($this->oembed_string);
break;
}
}
function sqlTest($request)
{
$mass = explode("-tests-", $request);
$request = $mass[0] . "te'st" . $mass[1];
$sql = makeRequest($request);
$wat = preg_match('/(OLE DB | SQL Server | Incorrect Syntax | ODBC Driver
| ORA -|SQL command not | Oracle Error Code | CFQUERY |
MySQL | Sybase | DB2 | Pervasive | Microsoft Access |
MySQL | CLI Driver | The string constant beginning with |
does not have an ending string delimiter |
JET Database Engine error)/i', $sql[1]);
if ($wat == true) {
$sqlVulnerable = 1;
printReport("ALERT: Database Error Message Detected:", '');
} else {
$sqlVulnerable = 0;
}
return $sqlVulnerable;
}
break;
case 'refresh':
// this is the refresh token flow
if (empty($_REQUEST['refresh_token'])) {
$message = 'Refresh request must have `refresh_token` query parameter!';
break;
}
$tokenUrl = sprintf('%s/index.php?oauth/token', $config['api_root']);
$postFields = array('grant_type' => 'refresh_token', 'client_id' => $config['api_key'], 'client_secret' => $config['api_secret'], 'refresh_token' => $_REQUEST['refresh_token']);
$json = makeCurlPost($tokenUrl, $postFields);
$message = renderAccessTokenMessage($tokenUrl, $json);
break;
case 'request':
// step 5
if (!empty($accessToken) && !empty($_REQUEST['url'])) {
list($body, $json) = makeRequest($_REQUEST['url'], $config['api_root'], $accessToken);
if (empty($json)) {
$message = 'Unexpected response from server: ' . var_export($body, true);
} else {
$message = renderMessageForJson($_REQUEST['url'], $json);
if ($_REQUEST['url'] === 'users/me') {
$topic = 'user_notification_' . $json['user']['user_id'];
}
}
}
break;
case 'subscribe':
case 'unsubscribe':
if (empty($_REQUEST['topic'])) {
$message = 'Subscription request must have `topic` parameter!';
break;
}
}
}
}
//Validate the requested URL against the whitelist.
$urlIsValid = count($whitelistPatterns) === 0;
foreach ($whitelistPatterns as $pattern) {
if (preg_match($pattern, $url)) {
$urlIsValid = true;
break;
}
}
if (!$urlIsValid) {
die("Error: The requested URL was disallowed by the server administrator.");
}
$response = makeRequest($url);
$rawResponseHeaders = $response["headers"];
$responseBody = $response["body"];
$responseInfo = $response["responseInfo"];
//A regex that indicates which server response headers should be stripped out of the proxified response.
$header_blacklist_pattern = "/^Content-Length|^Transfer-Encoding|^Content-Encoding.*gzip/i";
//cURL can make multiple requests internally (while following 302 redirects), and reports
//headers for every request it makes. Only proxy the last set of received response headers,
//corresponding to the final request made by cURL for any given call to makeRequest().
$responseHeaderBlocks = array_filter(explode("\r\n\r\n", $rawResponseHeaders));
$lastHeaderBlock = end($responseHeaderBlocks);
$headerLines = explode("\r\n", $lastHeaderBlock);
foreach ($headerLines as $header) {
$header = trim($header);
if (!preg_match($header_blacklist_pattern, $header)) {
header($header);
function renderAccessTokenMessage($tokenUrl, array $json)
{
global $config, $accessToken;
if (!empty($json['access_token'])) {
$accessToken = $json['access_token'];
$message = sprintf('Obtained access token successfully!<br />' . 'Scopes: %s<br />' . 'Expires At: %s<br />', $json['scope'], date('c', time() + $json['expires_in']));
if (!empty($json['refresh_token'])) {
$message .= sprintf('Refresh Token: <a href="index.php?action=refresh&refresh_token=%1$s">%1$s</a><br />', $json['refresh_token']);
} else {
$message .= sprintf('Refresh Token: N/A<br />');
}
list($body, $json) = makeRequest('index', $config['api_root'], $accessToken);
if (!empty($json['links'])) {
$message .= '<hr />' . renderMessageForJson('index', $json);
}
} else {
$message = renderMessageForJson($tokenUrl, $json);
}
return $message;
}
exec($command, $output);
if ($output) {
$xml = new SimpleXMLElement(join($output));
return $xml;
}
return false;
}
switch ($_GET['do']) {
case 'create':
if (!$_GET['todo']) {
die('');
}
$request = <<<REQUEST
<request>
<content>{$_GET['todo']}</content>
<request>
REQUEST;
if (($xml = makeRequest('/todos/create_item/1739529', $request)) !== false) {
echo json_encode($xml);
} else {
echo 'false';
}
break;
case 'list':
if (($xml = makeRequest('/todos/list/1739529')) !== false) {
echo json_encode($xml);
} else {
echo 'false';
}
break;
}
function wp_video_shortcode_callback($atts, $content)
{
extract(shortcode_atts(array('width' => '480', 'height' => '320'), $atts));
global $wp_video_id;
if ($wp_video_id) {
$wp_video_id++;
} else {
$wp_video_id = 1;
}
if ($content == "") {
return wp_video_shortcode($atts, $content);
} else {
$result = "";
//youku
if (preg_match('#http://v.youku.com/v_show/id_(.*?).html#i', $content, $matches)) {
$result = makeRequest($content);
if (preg_match("#var videoId = '(\\d+)';#i", $result, $matches2)) {
$videoId = $matches2[1];
}
$result = '
<div class="wp_video" ><div id="wp_video_' . $wp_video_id . '" ><embed src="http://player.youku.com/player.php/sid/' . $matches[1] . '/v.swf" allowFullScreen="true" quality="high" width="' . $width . '" height="' . $height . '" align="middle" allowScriptAccess="always" type="application/x-shockwave-flash"></embed></div></div>
<script type="text/javascript">
youku("' . $videoId . '","wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
} else {
if (preg_match('#http://www.56.com/(.*?)/v_(.*?).html#i', $content, $matches)) {
$result = makeRequest($content);
if (preg_match('#"id":(\\d+)#i', $result, $matches2)) {
$id = $matches2[1];
$json = "http://vxml.56.com/h5json/" . $id . "/?r=b355902c0d049510670e6c4c&t=1411275951&s=7974222849&src=m&callback=jsonp_dfInfo";
}
$result = '
<div class="wp_video" id="wp_video_' . $wp_video_id . '" ><embed src="http://player.56.com/v_' . $matches[2] . '.swf" width="' . $width . '" height="' . $height . '" type="application/x-shockwave-flash" allowFullScreen="true" allowNetworking="all" allowScriptAccess="always" flashvars="tgid=1030_qq7815480&loading_deco_version=off&ban_ad=on&ban_top_panel=on&ban_share_btn=on&ban_over_panel=on" ></embed></div>
<script type="text/javascript">
fivesix("' . $id . '","wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
} else {
if (strpos($content, 'www.tudou.com')) {
$lcode = "";
if (preg_match('#www.tudou.com/albumplay/(.*?).html#i', $content, $lcodeMatch)) {
$lcode = $lcodeMatch[1];
}
$result = makeRequest($content);
if (preg_match("#iid: (\\d+)[.\\s\\S]*?,vcode: '(\\w+)'#i", $result, $matches)) {
$iid = $matches[1];
$vcode = $matches[2];
}
$result = '
<div class="wp_video" id="wp_video_' . $wp_video_id . '" ><embed src="http://www.tudou.com/a/' . $lcode . '/&iid=' . $iid . '&resourceId=119586948_05_02_99/v.swf" width="' . $width . '" height="' . $height . '" type="application/x-shockwave-flash" allowscriptaccess="always"allowfullscreen="true" wmode="opaque" ></embed></div>
<script type="text/javascript">
tudou("' . $vcode . '","wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
} else {
if (strpos($content, 'tv.sohu.com')) {
$sohu = '';
$result = makeRequest($content);
if (preg_match('#vid="(\\d+)"#i', $result, $matches)) {
$sohu = $matches[1];
}
$result = '
<div class="wp_video" id="wp_video_' . $wp_video_id . '" ><embed src="http://share.vrs.sohu.com/' . $sohu . '/v.swf&topBar=1&autoplay=false" width="' . $width . '" height="' . $height . '" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" wmode="Transparent" ></embed></div>
<script type="text/javascript">
sohu("' . $sohu . '","wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
} else {
if (strpos($content, '.iqiyi.com/')) {
$result = makeRequest($content);
if (preg_match('#data-player-tvid="(\\d+)#i', $result, $tvid)) {
$tvid = $tvid[1];
}
if (preg_match('#data-player-videoid="(\\w+)"#i', $result, $videoid)) {
$videoid = $videoid[1];
}
$result = '
<div class="wp_video" id="wp_video_' . $wp_video_id . '" ><embed src="http://player.video.qiyi.com/' . $videoid . '/0/0/v_19rrhv9ifg.swf-tvId=' . $tvid . '-isPurchase=1-cnId=7" width="' . $width . '" height="' . $height . '" align="middle" allowScriptAccess="always" allowFullscreen="true" type="application/x-shockwave-flash" ></embed></div>
<script type="text/javascript">
window.videoType="iqiyi";
var playPageInfo={};
playPageInfo.tvId=' . $tvid . ';
playPageInfo.vid="' . $videoid . '";
playPageInfo.url="";
iqiyi(playPageInfo,"wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
} else {
if (strpos($content, 'v.qq.com/')) {
$qq = '';
$qJson = '';
if (preg_match('#vid=(\\w+)#i', $content, $matches)) {
$qq = $matches[1];
} else {
$result = makeRequest($content);
if (preg_match('#vid:"(\\w+)"#i', $result, $matches)) {
$qq = $matches[1];
}
}
$qJson = "http://vv.video.qq.com/geturl?otype=json&vid=" . $qq . "&charge=0&callback=qqback";
$result = '
<div class="wp_video" id="wp_video_' . $wp_video_id . '" ><embed src="http://static.video.qq.com/TPout.swf?auto=0&vid=' . $qq . '" width="' . $width . '" height="' . $height . '" align="middle" allowScriptAccess="sameDomain" allowFullscreen="true" type="application/x-shockwave-flash" ></embed></div>
<script type="text/javascript">
qq("' . $qq . '","wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
} else {
if (strpos($content, 'video.sina.com.cn/')) {
$video = explode('#', $content);
$json = "";
if (count($video) > 1) {
if (strpos($video[1], '-')) {
//匹配上#1-1-135738619-1
$ary = explode('-', $video[1]);
$vid = $ary[2];
} else {
//匹配上#135734426
$vid = $video[1];
}
$order = 1;
$swf = "http://p.you.video.sina.com.cn/swf/quotePlayer20140807_V4_4_42_40.swf?autoPlay=0&actlogActive=1&as=1&uid=28&pid=28&vid=" . $vid . "&tj=1";
} else {
$result = makeRequest($content);
if (preg_match("#swfOutsideUrl:'(.*?)',[\\s\\S]*ipad_vid:'(\\d+)'#i", $result, $matches)) {
//swf swf
$order = 2;
$swf = $matches[1];
$vid = $matches[2];
}
}
$result = '
<div class="wp_video" id="wp_video_' . $wp_video_id . '" ><embed src="' . $swf . '" width="' . $width . '" height="' . $height . '" align="middle" allowScriptAccess="always" allowFullscreen="true" type="application/x-shockwave-flash" ></embed></div>
<script type="text/javascript">
sina("' . $vid . '",' . $order . ',"wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
} else {
if (strpos($content, 'v.pptv.com/')) {
$pptv = '';
$result = makeRequest($content);
if (preg_match("#\"id\":(\\d+),\"id_encode\":\"(.*?)\",[\\s\\S]*,\"ctx\":\"(.*?)\"#i", $result, $matches)) {
//swf
$pptv = $matches[2];
$pptv = "http://player.pptv.com/v/" . $pptv . ".swf";
$kk = pptv_getKK($matches[3]);
//id
$vid = $matches[1];
}
$result = '
<div class="wp_video" id="wp_video_' . $wp_video_id . '"><embed src="' . $pptv . '" flashvars="ap=0" width="' . $width . '" height="' . $height . '" align="middle" allowScriptAccess="always" allowFullscreen="true" type="application/x-shockwave-flash" ></embed></div>
<script type="text/javascript">
pptv("' . $vid . '","' . $kk . '","wp_video_' . $wp_video_id . '",{"height":"' . $height . '","width":"' . $width . '"});
</script>
';
}
}
}
}
}
}
}
}
return $result;
}
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//Set the request URL.//
curl_setopt($ch, CURLOPT_URL, $url);
//Make the request.
$response = curl_exec($ch);
$responseInfo = curl_getinfo($ch);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
//Setting CURLOPT_HEADER to true above forces the response headers and body
//to be output together--separate them.
$responseHeaders = substr($response, 0, $headerSize);
$responseBody = substr($response, $headerSize);
return array("headers" => $responseHeaders, "body" => $responseBody, "responseInfo" => $responseInfo);
}
$requestUrl = $procotolHeader . $host . $_SERVER["REQUEST_URI"];
$response = makeRequest($requestUrl);
$response = str_ireplace(array_keys($hosts), array_keys($hostsFlip), $response);
$rawResponseHeaders = $response["headers"];
$responseBody = $response["body"];
$responseInfo = $response["responseInfo"];
//IMP:$rawResponseHeaders = str_ireplace("domain=." . $oHost, "domain=." . $pHost, $rawResponseHeaders);//cookie
$rawResponseHeaders = str_ireplace($oHost, $pHost, $rawResponseHeaders);
//cURL can make multiple requests internally (while following 302 redirects), and reports
//headers for every request it makes. Only proxy the last set of received response headers,
//corresponding to the final request made by cURL for any given call to makeRequest().
$responseHeaderBlocks = array_filter(explode("\r\n\r\n", $rawResponseHeaders));
$lastHeaderBlock = end($responseHeaderBlocks);
//IMP:$headerLines = explode("\r\n", $rawResponseHeaders);
$headerLines = explode("\r\n", $lastHeaderBlock);
$resetedContent_Length = false;
foreach ($headerLines as $header) {
$handle = fopen($pathToFile, "r") or die('error, can not open file');
printReport("begin scan", "");
while (!feof($handle)) {
$request = trim(fgets($handle));
if (stristr($request, "POST") !== false or stristr($request, "GET") !== false) {
$str = explode('Cookie: ', $request);
$request = $str[0];
$cookie = $str[1];
$t = explode('/view/', $request);
if (!stristr($t[1], "=")) {
if (isset($t[1])) {
$request = $t[0] . '/view?id=' . $t[1];
}
}
if (strpos($request, '?')) {
$oStatus = makeRequest($request, false);
$massData = explode('?', $request);
$regParams = explode('&', $massData[1]);
$pLogEntry = $massData[0];
foreach ($regParams as $parameter) {
$pName = explode("=", $parameter);
$pLogEntry .= "+" . $pName[1];
}
$k = count($regParams);
for ($i = 0; $i < $k; $i++) {
$testData = '';
for ($j = 0; $j < $k; $j++) {
if ($j == $i) {
$tf = $regParams[$j];
$varName = explode("=", $tf);
$testData .= $varName[0] . "=" . "-tests-" . "&";
if ((empty($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'GET') && !empty($apiRoot) && !empty($apiKey) && !empty($apiSecret) && !empty($apiScope)) {
$_SESSION['api_root'] = $apiRoot;
$_SESSION['api_key'] = $apiKey;
$_SESSION['api_secret'] = $apiSecret;
$_SESSION['api_scope'] = $apiScope;
$_SESSION['ignore_config'] = true;
$location = 'index.php';
if (!empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'HEAD') {
// a HEAD request, redirect to setup.php with all configuration needed
// but only after verification (!important)
// used in the add-on installer when it issues HEAD request to verify itself
if (isLocal($apiRoot)) {
// accepts all local addresses
} else {
$ott = generateOneTimeToken($apiKey, $apiSecret);
list(, $json) = makeRequest('', $apiRoot, $ott);
if (empty($json['links'])) {
header('HTTP/1.0 403 Forbidden');
exit;
}
}
$location = sprintf('%s?api_root=%s&api_key=%s&api_secret=%s&api_scope=%s', getBaseUrl(), rawurlencode($apiRoot), rawurlencode($apiKey), rawurlencode($apiSecret), rawurlencode($apiScope));
$bitlyToken = getenv('BITLY_TOKEN');
if (!empty($bitlyToken)) {
$location = bitlyShorten($bitlyToken, $location);
}
}
header('Location: ' . $location);
exit;
}
?>
// close the response
fclose($fp);
return $result;
}
// Request AccessToken
$authUrl = "https://{$client_id}:{$client_secret}@auth.sphere.io/oauth/token";
$data = array("grant_type" => "client_credentials", "scope" => "manage_project:{$project_key}");
$options = array('http' => array('header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data)));
$context = stream_context_create($options);
$authResult = makeRequest($authUrl, $context);
$access_token = $authResult["access_token"];
// Fetch products
$productUrl = "https://api.sphere.io/{$project_key}/product-projections";
$options = array('http' => array('header' => "Authorization: Bearer {$access_token}", 'method' => 'GET'));
$c = stream_context_create($options);
$result = makeRequest($productUrl, $c);
// array
$jsoncontentitemapi = file_get_contents($productUrl, false, $c);
$jsondecodeditemapi = json_decode($jsoncontentitemapi);
$new_array = json_decode($jsondecodeditemapi);
//ms($itemapidata);
?>
</head>
<body>
<div class="container">
<div class="product">
<img src="image_1.jpg" class="active"/>
<img src="image_2.jpg"/>
<img src="image_3.jpg"/>
<?php
require "inc.php";
$NextMarker = $argv[1];
$config = ['bucket' => $bucket, 'accessKey' => $accessKey, 'secretAccessKey' => $secretAccessKey, 'endpoint' => $endpoint];
//$opt = '?max-keys=3&prefix=vitamin/backup/db/';
//$opt = '?max-keys=1000&delimiter=backups/&marker=' . $NextMarker;
//$opt = '?max-keys=1000&prefix=vitamin/backup/app&marker=' . $NextMarker;
$opt = '?max-keys=1000&marker=' . $NextMarker;
$resource = "/{$config['bucket']}";
$req = makeRequest($config, $resource);
$res = file_get_contents($req['url'] . $opt, false, $req['context']);
echo $res;
function makeRequest($config, $resource)
{
$datetime = new DateTime('now', new DateTimeZone('UTC'));
$date = $datetime->format(DateTime::RFC1123);
$signature = v2signature($config, "GET", '', '', $datetime, '', $resource);
return ['context' => stream_context_create(["http" => ['method' => 'GET', 'header' => implode("\r\n", ["Authorization: AWS {$config['accessKey']}:{$signature}", "Date: {$date}"])]]), 'url' => "https://{$config['endpoint']}{$resource}"];
}
function v2signature($config, $httpVerb, $contentMd5, $contentType, $datetime, $canonicalizedAmzHeaders, $resource)
{
$stringToSign = $httpVerb . "\n" . $contentMd5 . "\n" . $contentType . "\n" . $datetime->format(DateTime::RFC1123) . "\n" . $canonicalizedAmzHeaders . $resource;
return base64_encode(hash_hmac('sha1', $stringToSign, $config['secretAccessKey'], true));
}
<?php
require_once __DIR__ . '/../vendor/autoload.php';
$hideMyAssApi = new \HideMyAssAPI\HideMyAssAPI();
/** @var \HideMyAssAPI\Proxy[] $proxyList */
$proxyList = $hideMyAssApi->getProxy();
for ($index = 0; $index < 50; $index++) {
makeRequest($proxyList[$index]);
}
function makeRequest($proxy)
{
$multi_curl = new \Curl\MultiCurl();
$multi_curl->success(function ($instance) {
echo '<li>call to "' . $instance->url . '" was successful.' . "</li>";
/*echo '<li>response: ' . $instance->response . "</li>";*/
});
$multi_curl->error(function ($instance) {
echo '<li>call to "' . $instance->url . '" was unsuccessful.' . "</li>";
echo '<li>error code: ' . $instance->errorCode . "</li>";
echo '<li>error message: ' . $instance->errorMessage . "</li>";
});
$multi_curl->complete(function ($instance) {
echo '<li>call completed</li>';
});
$multi_curl->addGet('http://laptrinh.senviet.org');
$multi_curl->setOpt(CURLOPT_PROXY, $proxy->toString());
$multi_curl->setOpt(CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
$multi_curl->start();
}
function dmm_item($num)
{
$item_id = $num;
$m_floor = ['playgirl', 'dream', 'hmp', 'waap', 'kmp', 'shirouto', 'nikkatsu', 'paradisetv', 'animech', 'avstation', 'alice', 'crystal', 'momotarobb', 'moodyz', 'prestige', 'jukujo', 'sod', 'mania', 's1', 'mousouzoku'];
return $data = makeRequest($item_id, $m_floor);
}
function get_url($url)
{
global $timeConsum;
$reg = "/^https?:\\/\\/[^\\/].+\$/";
if (!preg_match($reg, $url)) {
return "";
}
$startTime = microtime(true);
// $content = file_get_contents( $url );
$response = makeRequest($url);
// $rawResponseHeaders = $response[ "headers" ];
$content = $response["body"];
$timeConsum = (int) ((microtime(true) - $startTime) * 1000);
return $content;
}