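/**
 * Fill the global $slack_message array from the query string of the current
 * request and hand the received token to setToken().
 *
 * Every field is passed through htmlspecialchars(), so the stored values are
 * HTML-encoded copies of the request parameters. That encoding only makes the
 * values safe for HTML output; a value that later goes into SQL, a shell
 * command or a file path still needs the handling that context requires.
 *
 * A parameter that is absent (or is not a string, e.g. "?text[]=x") is stored
 * as an empty string instead of raising a warning or a TypeError.
 *
 * @return void
 */
function setSlackMessageF()
{
    global $slack_message;

    $fields = array(
        'token',
        'team_id',
        'team_domain',
        'channel_id',
        'channel_name',
        'timestamp',
        'user_id',
        'user_name',
        'text',
        'trigger_word',
    );

    $slack_message = array();
    foreach ($fields as $field) {
        $raw = (isset($_GET[$field]) && is_string($_GET[$field])) ? $_GET[$field] : '';
        $slack_message[$field] = htmlspecialchars($raw);
    }

    setToken($slack_message["token"]);

    // NOTE(review): the token check below is commented out, so within this
    // function the request token is recorded but never verified. Every field
    // above is caller-controlled; confirm the token is validated elsewhere
    // before any of them is trusted.
    //checkToken();
}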
<?php require_once 'phpconf.php'; require_once 'phpfunc.php'; require_once 'phpsecurity.php'; session_cache_expire(0); session_cache_limiter('private_no_expire'); session_start(); if ($_SERVER['REQUEST_METHOD'] != 'POST') { // CSRF対策 setToken(); } else { $_POST = arrayString($_POST); checkToken(); $emailre = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD'; $passre = '/^[0-9a-zA-Z]{6,20}$/'; $birthre = '/\\d{4}\\-\\d{2}\\-\\d{2}/'; $error = []; if (1 > strlen($_POST['name']) || strlen($_POST['name']) > 20) { $error[] = '名前は1文字以上20文字以内'; } if (!preg_match($emailre, $_POST['email'])) { $error[] = '不正なメールアドレス'; } else { if (emailExists($_POST['email']) != 0) { $error[] = 'このメールアドレスは既に登録されています'; } } if (!preg_match($passre, $_POST['password'])) { $error[] = 'パスワードは英数字6文字以上20文字以内'; } else {
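/**
 * Check a submitted password against the hash stored in FileViewer/config.ini.
 *
 * The result code is echoed into the response (the function returns nothing):
 *   0: Password correct - a new token is sent as the "token" cookie and passed
 *      to setToken()
 *   1: No password entered
 *   2: Password incorrect (also when no stored hash could be read)
 *
 * @param string|null $password Password as submitted by the client.
 * @return void
 */
function login($password)
{
    if (!isset($password) || '' == $password) {
        echo '1';
        return;
    }

    // NOTE(review): the config file lives under DOCUMENT_ROOT; confirm the web
    // server refuses to serve it, otherwise the stored hash can be downloaded.
    $filePath = $_SERVER['DOCUMENT_ROOT'] . '/' . 'FileViewer/config.ini';
    $content = parse_ini_file($filePath);

    $storedHash = '';
    if (is_array($content) && isset($content['password']) && is_scalar($content['password'])) {
        $storedHash = (string) $content['password'];
    }

    // NOTE(review): the stored value is an unsalted MD5 digest. Moving to
    // password_hash()/password_verify() needs a migration of config.ini, so the
    // format is left as it is here.
    $submittedHash = is_scalar($password) ? md5((string) $password) : '';

    // hash_equals() compares the digests as plain strings in constant time.
    // The previous loose "==" compared two digests of the form "0e<digits>" as
    // numbers, so different passwords could be accepted as equal.
    if ($storedHash !== '' && $submittedHash !== '' && hash_equals($storedHash, $submittedHash)) {
        $token = generateToken();
        // NOTE(review): the cookie is set without HttpOnly, Secure or SameSite
        // attributes; confirm whether client-side script needs to read it
        // before tightening them.
        setcookie('token', $token);
        setToken($token);
        echo '0';
    } else {
        echo '2';
    }
}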
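// Admin password change. users.php is expected to define $users["admin"] as
// the MD5 digest of the current password; on success the digest inside
// users.php is rewritten in place with sed.
// NOTE(review): no anti-CSRF check is visible around this POST handler;
// confirm one runs before this point.
if (isset($_POST["pass_old"]) && isset($_POST["pass_new"])) {
    include "users.php";

    // All three fields must be strings: md5() rejects arrays, and the repeat
    // field must be present rather than compared loosely against null.
    // hash_equals() compares the digests as strings in constant time; the
    // previous "==" treated two digests of the form "0e<digits>" as equal
    // numbers.
    if (
        is_string($_POST["pass_old"])
        && is_string($_POST["pass_new"])
        && isset($_POST["pass_new_repeat"])
        && isset($users["admin"])
        && is_string($users["admin"])
        && hash_equals($users["admin"], md5($_POST["pass_old"]))
        && $_POST["pass_new"] === $_POST["pass_new_repeat"]
    ) {
        // Both interpolated values are md5() output (hex digits only), so they
        // cannot break out of the quoted sed expression.
        $exec = "sed -i 's/\\\\=\\\"" . md5($_POST["pass_old"]) . "\\\"/\\\\=\\\"" . md5($_POST["pass_new"]) . "\\\"/g' ./users.php";
        //echo $exec;
        //exit;
        //exec("$bin_danger \"" . $exec . "\"" ); //DEPRECATED
        exec_fruitywifi($exec);
        $pass_msg = 1;
    } else {
        $pass_msg = 2;
    }
}

// -------------- TOKEN ------------------
if (isset($_POST["api_token"])) {
    $token = setToken();
    // NOTE(review): $token is spliced into a shell command and, through sed,
    // into PHP source (config.php). setToken() is not visible here; confirm it
    // can only return characters that are safe in both contexts.
    $exec = "sed -i 's/api_token=.*/api_token=\\\"" . $token . "\\\";/g' ./config/config.php";
    exec_fruitywifi($exec);
    $api_token = $token;
}
?>
<?php
#echo $io_out_iface;
#echo $io_in_iface;

// Build the list of network interface names (loopback excluded) from ifconfig.
// The command line is a constant string; no request data reaches the shell here.
$ifaces = exec("/sbin/ifconfig -a | cut -c 1-8 | sort | uniq -u |grep -v lo|sed ':a;N;\$!ba;s/\\n/|/g'");
$ifaces = str_replace(" ", "", $ifaces);
$ifaces = explode("|", $ifaces);
?>
<br>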
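<?php
// Entry point: when the request carries ?token=..., store it as the GCM token.
// NOTE(review): from what is visible here, any client that can reach this
// script can overwrite the stored token; confirm access is restricted elsewhere.
$token = isset($_GET["token"]) ? $_GET["token"] : null;
if (is_string($token)) {
    setToken($token);
}

/**
 * Write $token into the gcmToken table and echo "token inserted".
 *
 * The statement has "WHERE 1", so every row of the table is updated.
 *
 * @param string $token Token value taken from the request.
 * @return void
 */
function setToken($token)
{
    // NOTE(review): the database credentials are hard-coded and the connection
    // uses the MySQL root account. Move them to configuration kept outside the
    // repository, use a least-privilege account, and treat the committed
    // password as exposed.
    $dbLink = mysqli_connect('localhost', 'root', 'pdlwp88qja', 'hci') or die('db die');
    mysqli_set_charset($dbLink, 'utf8');

    // The token is request data: bind it as a parameter instead of
    // concatenating it into the SQL text.
    $statement = mysqli_prepare($dbLink, "UPDATE gcmToken SET token = ? WHERE 1");
    if (
        $statement === false
        || !mysqli_stmt_bind_param($statement, 's', $token)
        || !mysqli_stmt_execute($statement)
    ) {
        // Keep driver details in the server log; the response gets a generic
        // message instead of the database error and query text.
        error_log('setToken: ' . mysqli_error($dbLink));
        die('Error: token update failed');
    }
    mysqli_stmt_close($statement);
    mysqli_close($dbLink);

    echo "token inserted";
}

/**
 * Read the token column of the first row returned from gcmToken.
 *
 * @return string|null The stored token, or null when the table has no rows.
 */
function getToken()
{
    // NOTE(review): same hard-coded root credentials as in setToken().
    $dbLink = mysqli_connect('localhost', 'root', 'pdlwp88qja', 'hci') or die('db die');
    mysqli_set_charset($dbLink, 'utf8');

    $queryResult = mysqli_query($dbLink, "SELECT token FROM gcmToken WHERE 1");
    if ($queryResult === false) {
        error_log('getToken: ' . mysqli_error($dbLink));
        die('Error: token lookup failed');
    }

    // Only the first row is used; an empty table yields null without reading
    // an undefined array offset.
    $row = mysqli_fetch_assoc($queryResult);
    mysqli_free_result($queryResult);
    mysqli_close($dbLink);

    return is_array($row) ? $row["token"] : null;
}

// The listing is cut off inside sendMessage(); its visible start is kept as is.
// NOTE(review): the server key below is a literal committed in source; it
// belongs in configuration outside the repository and should be treated as exposed.
function sendMessage($message, $cmd = "nothing") {
    $serverKey = 'AIzaSyCtxTkAPKiSKGOGehDxt97Z8zI7EqrHp6A';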
<h2 class="form-signin-heading">ログイン</h2> <dl class="form-signin-body"> <dt> <span>ID</span> </dt> <dd> <label for="inputUid" class="sr-only"></label> <input id="inputUid" class="form-control" required="" autofocus="" name="uid"> </dd> <dt> <span>パスワード</span> </dt> <dd> <label for="inputPassword" class="sr-only"></label> <input type="password" id="inputPassword" class="form-control" required="" name="pswd"> </dd> </dl> <div class="checkbox"> <label> <input type="checkbox" value="remember-me">パスワードを記憶する </label> </div> <button id="buttonSubmit" class="btn btn-lg btn-default btn-block" type="submit">ログイン</button> <input type="hidden" name="token" value="<?php echo setToken(); ?> " /> </form> </div> </body> </html>
} } else { makeError(2); } } else { if (array_key_exists("password", $r)) { // login with password $queryuser = "******"; $resultuser = mysqli_query($con, $queryuser); if (mysqli_num_rows($resultuser) > 0) { // pass correct // ALL USER DATA $userarr = mysqli_fetch_assoc($resultuser); unset($userarr['phash']); $randstr = generateToken(); $result = setToken($userarr['id'], $randstr); if ($result) { $rarr['token'] = $randstr; $rarr = array_merge($rarr, $userarr); die(json_encode($rarr)); } else { makeError(2); } // db err } else { makeError(4); } // wrong cred } else { makeError(1); // wrong option
require_once ROOT_PATH . "php/configs/configs.php";
require_once ROOT_PATH . "php/functions/lib_files.php";
require_once ROOT_PATH . "php/functions/lib_movies.php";

// Scan request: takes a directory path from the POST body, refuses it when an
// already-registered path occurs inside it, and otherwise registers a token
// for the duration of the scan. On failure $error is set (except when
// getFilms() fails) and the script returns false to whatever included it.

// empty() is also true for an unset key, so one test covers both cases.
if (empty($_POST['path'])) {
    $error = "Path for scanning is empty !";
    return false;
}

// NOTE(review): the submitted path is handed to getFilms() as received; no
// restriction to an allowed root directory is visible in this excerpt.
// Confirm that getFilms() or the caller constrains it.
$paths = array($_POST['path']);
$db = connectDB();

$paths_checking = getTokenChecking($db);
if ($paths_checking === false) {
    $error = "Internal server error";
    return false;
}

if (!empty($paths_checking)) {
    foreach ($paths_checking as $row) {
        // Substring match: a registered path found anywhere inside the
        // requested path counts as "being processed".
        $return = strpos($paths[0], $row["path"], 0);
        if ($return !== false) {
            $error = "This path is being processed !";
            return false;
        }
    }
}

// NOTE(review): the token is removed only on the two paths below; if
// getFilms() or recoverInfoMovies() aborts the script, the token stays
// registered - confirm how stale tokens are cleaned up.
$id_token = setToken($db, $paths[0], "Getting all files in source");

$result = array();
if (getFilms($result, $paths) === false) {
    removeToken($db, $id_token);
    return false;
}

updateToken($db, $id_token, "Getting information for all movies find in the source");
recoverInfoMovies($result);
removeToken($db, $id_token);