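/**
 * Copies the Slack webhook fields from the query string into the global
 * $slack_message array and hands the received token to setToken().
 *
 * Every value is passed through htmlspecialchars() on the way in. A field that
 * is absent from the request, or that arrives as an array (`?text[]=x`), is
 * stored as an empty string instead of raising a warning or a TypeError.
 *
 * NOTE(review): the checkToken() call below is commented out, so nothing in
 * this function verifies that the token matches the one issued for the
 * integration; any caller that can reach this URL can supply its own values.
 * NOTE(review): the token is HTML-escaped before it reaches setToken(); if a
 * later comparison is made against the raw shared secret, escape at output
 * time instead — confirm against checkToken().
 */
function setSlackMessageF()
{
    global $slack_message;

    $fields = array(
        'token', 'team_id', 'team_domain', 'channel_id', 'channel_name',
        'timestamp', 'user_id', 'user_name', 'text', 'trigger_word',
    );

    $slack_message = array();
    foreach ($fields as $field) {
        // Only scalar strings are accepted; anything else becomes ''.
        $raw = (isset($_GET[$field]) && is_string($_GET[$field])) ? $_GET[$field] : '';
        $slack_message[$field] = htmlspecialchars($raw);
    }

    setToken($slack_message["token"]);
    //checkToken();
}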
<?php

require_once 'phpconf.php';
require_once 'phpfunc.php';
require_once 'phpsecurity.php';
// Configure the session cache lifetime and cache limiter, then start the session.
session_cache_expire(0);
session_cache_limiter('private_no_expire');
session_start();
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // CSRF countermeasure: any non-POST request calls setToken() (defined in one
    // of the required files; presumably it issues the form token — confirm).
    setToken();
} else {
    // arrayString() is an opaque helper here; presumably it normalises every
    // POST value to a string — verify in phpfunc.php.
    $_POST = arrayString($_POST);
    // Presumably validates the CSRF token issued on the GET request — confirm.
    checkToken();
    // Address pattern with length limits on the whole address and the local part,
    // quoted local parts, and bracketed IPv4/IPv6 literals.
    $emailre = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
    // NOTE(review): this policy allows only ASCII letters and digits and caps the
    // length at 20, which rules out passphrases and symbols; a minimum length
    // with no character-set restriction is the stronger policy.
    $passre = '/^[0-9a-zA-Z]{6,20}$/';
    // NOTE(review): no ^...$ anchors, so preg_match() accepts any string that
    // merely contains a YYYY-MM-DD shaped run. Not used in the visible portion.
    $birthre = '/\\d{4}\\-\\d{2}\\-\\d{2}/';
    // Validation messages collected for the form.
    $error = [];
    // strlen() counts bytes, so a multibyte name hits the 20 limit sooner than
    // the "characters" wording of the message suggests. $_POST['name'] is read
    // without an isset() check.
    if (1 > strlen($_POST['name']) || strlen($_POST['name']) > 20) {
        $error[] = '名前は1文字以上20文字以内';
    }
    if (!preg_match($emailre, $_POST['email'])) {
        $error[] = '不正なメールアドレス';
    } else {
        // emailExists() is defined elsewhere; a non-zero result is treated as
        // "address already registered" (loose != comparison).
        if (emailExists($_POST['email']) != 0) {
            $error[] = 'このメールアドレスは既に登録されています';
        }
    }
    if (!preg_match($passre, $_POST['password'])) {
        $error[] = 'パスワードは英数字6文字以上20文字以内';
    } else {
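/**
 * Checks a submitted password against the MD5 digest stored under `password`
 * in FileViewer/config.ini and echoes a one-character status code. The
 * function itself returns nothing.
 *
 * Echoed codes:
 * 0: Password correct (a fresh token is set as a cookie and passed to setToken())
 * 1: No password entered
 * 2: Password incorrect, or the config file / its password entry is unreadable
 *
 * The digest comparison uses hash_equals() rather than `==`: with `==`, two
 * different digests that both look like numbers in exponent notation compare
 * as equal, and the comparison time depends on where the strings differ.
 *
 * NOTE(review): the stored credential is an unsalted MD5 digest. Moving the
 * config to password_hash()/password_verify() needs a migration of config.ini
 * and is out of scope for this function alone.
 * NOTE(review): the cookie is set with no HttpOnly, Secure or SameSite
 * attribute; add them unless client-side script has to read the token.
 *
 * @param string $password Password as submitted by the client.
 */
function login($password)
{
    if (!isset($password) || '' == $password) {
        echo '1';
        return;
    }

    $filePath = $_SERVER['DOCUMENT_ROOT'] . '/' . 'FileViewer/config.ini';
    $content = parse_ini_file($filePath);

    // parse_ini_file() returns false when the file is missing or malformed;
    // treat that, and a missing key, as "no password can match".
    $stored = (is_array($content) && isset($content['password'])) ? (string) $content['password'] : '';

    if ($stored !== '' && hash_equals($stored, md5((string) $password))) {
        $token = generateToken();
        setcookie('token', $token);
        setToken($token);
        echo '0';
        return;
    }

    echo '2';
}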
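// -------------- PASSWORD ------------------
// Admin password change. $pass_msg is 1 when users.php was rewritten and 2 when
// the old password did not match or the two new-password fields differ.
//
// NOTE(review): passwords are stored as unsalted MD5 and the change is applied
// by running sed over a PHP source file. Only hex digests are spliced into the
// command, so the submitted values cannot alter the shell syntax.
if (isset($_POST["pass_old"]) and isset($_POST["pass_new"])) {
    include "users.php";

    $pass_old = $_POST["pass_old"];
    $pass_new = $_POST["pass_new"];
    $pass_new_repeat = isset($_POST["pass_new_repeat"]) ? $_POST["pass_new_repeat"] : null;

    // Array-valued parameters (pass_old[]=x) would make md5() fail; reject them.
    $inputs_ok = is_string($pass_old) && is_string($pass_new) && is_string($pass_new_repeat);
    $stored_hash = isset($users["admin"]) ? (string) $users["admin"] : "";

    // hash_equals() and === avoid the loose-comparison rule under which two
    // different numeric-looking strings compare as equal.
    if ($inputs_ok and $pass_new === $pass_new_repeat and hash_equals($stored_hash, md5($pass_old))) {
        $exec = "sed -i 's/\\\\=\\\"" . md5($pass_old) . "\\\"/\\\\=\\\"" . md5($pass_new) . "\\\"/g' ./users.php";
        //exec("$bin_danger \"" . $exec . "\"" ); //DEPRECATED
        exec_fruitywifi($exec);
        $pass_msg = 1;
    } else {
        $pass_msg = 2;
    }
}
// -------------- TOKEN ------------------
// Regenerates the API token and writes it into config/config.php with sed.
// NOTE(review): $token is spliced into a shell command unescaped; this relies
// on setToken() (defined elsewhere) returning only characters that are safe
// inside the single-quoted sed expression — confirm.
if (isset($_POST["api_token"])) {
    $token = setToken();
    $exec = "sed -i 's/api_token=.*/api_token=\\\"" . $token . "\\\";/g' ./config/config.php";
    exec_fruitywifi($exec);
    $api_token = $token;
}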
?>

<?php 
#echo $io_out_iface;
#echo $io_in_iface;
// Build the list of network interface names from `ifconfig -a`.
// The pipeline keeps the first 8 columns of each output line, drops any name
// containing "lo", and joins the remaining names with "|". The command string
// is constant; no request data reaches the shell.
$ifaces = explode(
    "|",
    str_replace(
        " ",
        "",
        exec("/sbin/ifconfig -a | cut -c 1-8 | sort | uniq -u |grep -v lo|sed ':a;N;\$!ba;s/\\n/|/g'")
    )
);
?>

<br>
<?php

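// Store the token supplied in the query string, if there is one.
// A missing parameter no longer raises an "undefined index" warning, and an
// array-valued parameter (?token[]=x) is ignored rather than stored.
//
// NOTE(review): this is a state-changing GET with no visible authentication:
// any client that can reach the script can overwrite the stored token.
$token = isset($_GET["token"]) ? $_GET["token"] : null;
if (is_string($token)) {
    setToken($token);
}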
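/**
 * Overwrites the token column of the gcmToken table with the given value and
 * echoes "token inserted" on success.
 *
 * The value is bound as a statement parameter instead of being concatenated
 * into the SQL text, so a quote character in the token can no longer change
 * the query. Failure details go to the server error log; the client only sees
 * a generic message rather than the driver error and the full query.
 *
 * NOTE(review): the connection uses the database root account with a password
 * hard-coded in source. Move the credentials to configuration outside the web
 * root, use a least-privilege account, and rotate this password.
 *
 * @param string $token Token value to store.
 */
function setToken($token)
{
    $dbLink = mysqli_connect('localhost', 'root', 'pdlwp88qja', 'hci') or die('db die');
    mysqli_set_charset($dbLink, 'utf8');

    $statement = mysqli_prepare($dbLink, "UPDATE gcmToken SET token = ? WHERE 1");
    if ($statement === false) {
        error_log('setToken: prepare failed: ' . mysqli_error($dbLink));
        mysqli_close($dbLink);
        die("Error: token update failed");
    }

    // bind_param takes its arguments by reference, so use a local variable.
    $value = (string) $token;
    mysqli_stmt_bind_param($statement, 's', $value);

    if (!mysqli_stmt_execute($statement)) {
        error_log('setToken: execute failed: ' . mysqli_stmt_error($statement));
        mysqli_stmt_close($statement);
        mysqli_close($dbLink);
        die("Error: token update failed");
    }

    mysqli_stmt_close($statement);
    mysqli_close($dbLink);
    echo "token inserted";
}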
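/**
 * Reads the stored token from the gcmToken table.
 *
 * Only the first row is fetched, since that is the only one the caller ever
 * receives. An empty table yields null instead of an undefined-offset warning.
 * Failure details go to the server error log rather than to the client.
 *
 * NOTE(review): the connection uses the database root account with a password
 * hard-coded in source. Move the credentials to configuration outside the web
 * root and use a least-privilege account.
 *
 * @return string|null The stored token, or null when the table has no row.
 */
function getToken()
{
    $query = "SELECT token FROM gcmToken WHERE 1";
    $dbLink = mysqli_connect('localhost', 'root', 'pdlwp88qja', 'hci') or die('db die');
    mysqli_set_charset($dbLink, 'utf8');

    $queryResult = mysqli_query($dbLink, $query);
    if ($queryResult === false) {
        error_log('getToken: query failed: ' . mysqli_error($dbLink));
        mysqli_close($dbLink);
        die("Error: token lookup failed");
    }

    $row = mysqli_fetch_assoc($queryResult);
    mysqli_free_result($queryResult);
    mysqli_close($dbLink);

    return (is_array($row) && isset($row["token"])) ? $row["token"] : null;
}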
function sendMessage($message, $cmd = "nothing")
{
    $serverKey = 'AIzaSyCtxTkAPKiSKGOGehDxt97Z8zI7EqrHp6A';
		<h2 class="form-signin-heading">ログイン</h2>
			<dl class="form-signin-body">
				<dt>
					<span>ID</span>
				</dt>
				<dd>
					<label for="inputUid" class="sr-only"></label>
					<input id="inputUid" class="form-control" required="" autofocus="" name="uid">
				</dd>
				<dt>
					<span>パスワード</span>
				</dt>
				<dd>
					<label for="inputPassword" class="sr-only"></label>
					<input type="password" id="inputPassword" class="form-control" required="" name="pswd">
				</dd>
			</dl>
			<div class="checkbox">
				<label>
					<input type="checkbox" value="remember-me">パスワードを記憶する
				</label>
			</div>
			<button id="buttonSubmit"  class="btn btn-lg btn-default btn-block" type="submit">ログイン</button>
			<input type="hidden" name="token" value="<?php 
echo setToken();
?>
" />
		</form>
	</div>
</body>
</html>
        }
    } else {
        makeError(2);
    }
} else {
    if (array_key_exists("password", $r)) {
        // login with password
        $queryuser = "******";
        $resultuser = mysqli_query($con, $queryuser);
        if (mysqli_num_rows($resultuser) > 0) {
            // pass correct
            // ALL USER DATA
            $userarr = mysqli_fetch_assoc($resultuser);
            unset($userarr['phash']);
            $randstr = generateToken();
            $result = setToken($userarr['id'], $randstr);
            if ($result) {
                $rarr['token'] = $randstr;
                $rarr = array_merge($rarr, $userarr);
                die(json_encode($rarr));
            } else {
                makeError(2);
            }
            // db err
        } else {
            makeError(4);
        }
        // wrong cred
    } else {
        makeError(1);
        // wrong option
require_once ROOT_PATH . "php/configs/configs.php";
require_once ROOT_PATH . "php/functions/lib_files.php";
require_once ROOT_PATH . "php/functions/lib_movies.php";
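// Scan request: validates the submitted path, refuses it when it overlaps a
// scan already recorded by getTokenChecking(), then runs the scan while a
// progress token is held. On failure $error is set and the script returns false.
//
// NOTE(review): the path comes straight from the request and is handed to
// getFilms() unchanged. Nothing visible here restricts it to an allowed media
// root — confirm that lib_files / lib_movies enforce one.

// empty() already covers the unset case; the is_string() check rejects
// array-valued input (path[]=x), which strpos() below cannot handle.
if (empty($_POST['path']) || !is_string($_POST['path'])) {
    $error = "Path for scanning is empty !";
    return false;
}
$paths = array($_POST['path']);
$db = connectDB();
if (($paths_checking = getTokenChecking($db)) === false) {
    $error = "Internal server error";
    return false;
} elseif (!empty($paths_checking)) {
    foreach ($paths_checking as $row) {
        // Substring match: the request is refused when a path already being
        // processed occurs anywhere inside the requested path.
        $return = strpos($paths[0], $row["path"], 0);
        if ($return !== false) {
            $error = "This path is being processed !";
            return false;
        }
    }
}
$id_token = setToken($db, $paths[0], "Getting all files in source");
$result = array();
try {
    if (getFilms($result, $paths) === false) {
        return false;
    }
    updateToken($db, $id_token, "Getting information for all movies find in the source");
    recoverInfoMovies($result);
} finally {
    // Always release the progress token, even if a step above throws;
    // otherwise the path stays marked as "being processed".
    removeToken($db, $id_token);
}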