/**
 * Dispatch a class reference to the loader that matches its namespace.
 *
 * The reference is split into segments by getNames(). Nothing is loaded
 * unless checkRootNamespace() accepts those segments. A 'board' segment
 * routes the last segment to loadBaseClass(), an 'apps' segment routes it
 * to loadApp() together with the result of getAppType(), and anything else
 * is handed to findClass().
 *
 * NOTE(review): the membership tests use loose comparison, as in the
 * original; this assumes getNames() returns only strings - confirm.
 * NOTE(review): the last segment is passed to the loaders unchanged;
 * presumably they map it to a file, so confirm they restrict it to plain
 * identifiers before any include happens.
 *
 * @param mixed $classCall Class reference as accepted by getNames().
 * @return void
 */
function load($classCall)
{
    $segments = getNames($classCall);

    // Guard: references outside the accepted root namespace are ignored.
    if (!checkRootNamespace($segments)) {
        return;
    }

    if (in_array('board', $segments)) {
        loadBaseClass(end($segments));
        return;
    }

    if (in_array('apps', $segments)) {
        loadApp(end($segments), getAppType($segments));
        return;
    }

    findClass($segments);
}
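/**
 * Append one `bin/create_work` invocation for the current job to the script
 * file handle held in the global $f, then advance the global job counter.
 *
 * The work-unit name is built from the globals $name, $app, $jobNum and
 * $stamp. createParameters() supplies the application command line and is
 * expected to fill in $fpops (it is read back after the call).
 *
 * Quoting: the command line is embedded in a double-quoted shell word, so
 * every character the shell still interprets there (backslash, double quote,
 * dollar sign, backtick) is escaped. Escaping only the double quote, as the
 * earlier code did, lets `$(...)` or backticks inside a parameter be executed
 * when the generated script runs, and mangles parameters containing `$`.
 * Output is unchanged for values that contain none of `\`, `$` or a backtick.
 *
 * NOTE(review): $app, $wuname and the *_stamped file names are written into
 * the script unquoted. That is safe only if the caller restricts them to
 * characters with no shell meaning - confirm where they are set.
 *
 * @param array $params Job parameters; the 'wordlist' and 'rules' entries are
 *                      tested for truthiness here, the whole array is passed
 *                      on to createParameters().
 * @return void
 */
function writeJob($params)
{
    global $f, $app, $name, $tmpdir, $jobNum, $stamp, $cw, $wuname, $MAX_FPOPS_PER_JOB;
    global $johnpotfile_stamped, $passwordfile_john_stamped, $passwordfile_hashcat_stamped, $configfile_stamped, $rulesfile_stamped;
    global $wordlist_stamped;

    $wuname = sprintf("%s_%s_%d_%s", $name, $app, $jobNum, $stamp);

    // Parameters ==================================================
    $fpops = 0;
    $app_params = createParameters($app, $params, $fpops);

    // Escape everything that is still special inside a double-quoted shell word.
    $createworkparams = "\t --command_line \"" . addcslashes($app_params, '\\"$`') . "\" \\\n";

    // Upper bound: ten times the estimate plus a fixed start-up allowance.
    $fpops_bound = $fpops * 10;
    if (getAppSubType() == "cudahashcat+") {
        $fpops_bound += 15 * ONESECOND_ON_A_FAST_MACHINE;
    } else {
        $fpops_bound += 3 * ONESECOND_ON_A_FAST_MACHINE; // 3 seconds start-up time
    }

    // !empty() keeps the original truthiness test without a warning when the key is absent.
    $useWordlist = !empty($params['wordlist']);
    $useRules = !empty($params['rules']);
    $rulesMode = $useRules && $useWordlist && getAppType() == "hashcat";
    $isJohn = ($app == "john");

    // Script ======================================================
    $cw = "";
    $cw .= "bin/create_work \\\n";
    $cw .= "\t --appname {$app} \\\n";
    $cw .= "\t --wu_name {$wuname} \\\n";
    if ($rulesMode) {
        $cw .= "\t --wu_template templates/{$app}_wu_wordlist_rules.xml \\\n";
    } elseif ($useWordlist) {
        $cw .= "\t --wu_template templates/{$app}_wu_wordlist.xml \\\n";
    } else {
        $cw .= "\t --wu_template templates/{$app}_wu_no-wordlist.xml \\\n";
    }
    $cw .= "\t --result_template templates/{$app}_result.xml \\\n";
    $cw .= "\t --rsc_fpops_est " . $fpops . " \\\n";
    $cw .= "\t --rsc_fpops_bound " . $fpops_bound . " \\\n";
    $cw .= "\t --rsc_memory_bound 131072000 \\\n"; // 125MB
    $cw .= $createworkparams;

    // Input files, in the order the work-unit templates expect them.
    if ($isJohn) {
        $cw .= "\t {$passwordfile_john_stamped} \\\n";
    } elseif (getAppType() == "hashcat") {
        $cw .= "\t {$passwordfile_hashcat_stamped} \\\n";
    } else {
        // Neither john nor a hashcat variant: nothing sensible can be generated.
        die("WTF?");
    }
    if ($isJohn) {
        $cw .= "\t {$configfile_stamped} \\\n";
    }
    if ($useWordlist) {
        $cw .= "\t {$wordlist_stamped} \\\n";
    }

    // Last argument: no trailing backslash, this line ends the command.
    if ($isJohn) {
        $cw .= "\t {$johnpotfile_stamped} \n";
    } elseif ($rulesMode) {
        $cw .= "\t {$rulesfile_stamped} \n";
    } elseif (getAppType() == "hashcat") {
        $cw .= "\t \n";
    } else {
        die("WTF?");
    }

    // Optional run-time estimate, emitted as a shell comment.
    if (isset($MAX_FPOPS_PER_JOB[$app]) && $MAX_FPOPS_PER_JOB[$app] > 0) {
        $maybetime = $fpops / $MAX_FPOPS_PER_JOB[$app];
        $cw .= "# Estimate: {$maybetime} hours on a c1.xlarge\n";
    }

    fwrite($f, $cw);
    $jobNum++;

    // Progress output: one dot per job, the running count every ten jobs.
    echo ".";
    if ($jobNum % 10 == 0) {
        echo $jobNum . "\n";
    }
}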
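/**
 * Insert one ApiLog row describing the incoming request and remember its id.
 *
 * Stores the start time in $this->startTm and the value returned by
 * execOne() in $this->id. The row holds the client address, user agent,
 * application name, session id, the logged-in user id for the current app
 * type (SQL NULL when there is none), $this->ac, the exported request
 * parameters and an approximate request size.
 *
 * Two values are placed in the statement without Q(): the user id and the
 * request size. Both are therefore reduced to plain digits (or the literal
 * NULL) before the statement is built. The request size is derived from a
 * client-supplied Content-Length header, so it is validated as a short digit
 * string and formatted with %d instead of being interpolated as-is.
 *
 * NOTE(review): $_GET, $_POST or the raw body are logged (truncated to 2000
 * by myVarExport), so any credential or token a client sends as a request
 * parameter ends up in ApiLog. Consider masking such fields before export
 * and restricting who can read the table.
 *
 * @return void
 */
function logBefore()
{
    $this->startTm = microtime(true);

    global $APP;
    $type = getAppType();

    // Pick the session key that identifies the caller for this app type.
    $userId = null;
    if ($type == "user") {
        $userId = isset($_SESSION["uid"]) ? $_SESSION["uid"] : null;
    } elseif ($type == "emp" || $type == "store") {
        $userId = isset($_SESSION["empId"]) ? $_SESSION["empId"] : null;
    } elseif ($type == "admin") {
        $userId = isset($_SESSION["adminId"]) ? $_SESSION["adminId"] : null;
    }
    // The id is interpolated unquoted below: allow digits only, else SQL NULL.
    if (!(is_int($userId) || (is_string($userId) && ctype_digit($userId)))) {
        $userId = 'NULL';
    }

    $content = $this->myVarExport($_GET, 2000);
    $ct = isset($_SERVER["HTTP_CONTENT_TYPE"]) ? $_SERVER["HTTP_CONTENT_TYPE"] : "";
    if (!preg_match('/x-www-form-urlencoded|form-data/i', $ct)) {
        // Not a form post: log the raw request body.
        $post = file_get_contents("php://input");
        $content2 = $this->myVarExport($post, 2000);
    } else {
        $content2 = $this->myVarExport($_POST, 2000);
    }
    if ($content2 != "") {
        $content .= ";\n" . $content2;
    }

    $remoteAddr = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

    // Content-Length is client-controlled: accept a short run of digits only.
    $bodyLen = 0;
    foreach (array("HTTP_CONTENT_LENGTH", "CONTENT_LENGTH") as $key) {
        if (!empty($_SERVER[$key])) {
            $bodyLen = $_SERVER[$key];
            break;
        }
    }
    if (is_string($bodyLen) && ctype_digit($bodyLen) && strlen($bodyLen) <= 15) {
        $bodyLen = (int)$bodyLen;
    } else {
        $bodyLen = 0;
    }
    $reqsz = strlen($_SERVER["REQUEST_URI"]) + $bodyLen;

    // Kept as null when the header is absent, as before, so Q() sees the same value.
    $ua = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null;
    $ver = getClientVersion();

    $sql = sprintf(
        "INSERT INTO ApiLog (tm, addr, ua, app, ses, userId, ac, req, reqsz, ver) VALUES ('%s', %s, %s, %s, %s, {$userId}, %s, %s, %d, %s)",
        date(FMT_DT),
        Q($remoteAddr),
        Q($ua),
        Q($APP),
        Q(session_id()),
        Q($this->ac),
        Q($content),
        $reqsz,
        Q($ver["str"])
    );
    $this->id = execOne($sql, true);
}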
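/**
 * API entry point: change the password of the logged-in user or employee.
 *
 * Request parameters (read through mparam()):
 *  - pwd: the new password.
 *  - oldpwd / code: requested together; when oldpwd is present it is checked
 *    against the stored hash before the password is changed.
 *
 * Only the "user" and "emp" app types are supported. Any other type is now
 * rejected up front. Previously such a request skipped checkAuth(), reached
 * addToPwdTable() with the supplied password and returned an undefined value.
 *
 * NOTE(review): $code is read but never verified in this function. When a
 * request carries code instead of oldpwd, the password is changed with no
 * check here - confirm the code is validated before this point (for example
 * when the session was established), otherwise add the verification.
 * NOTE(review): the stored hash is matched with SQL equality, so hashPwd()
 * must be deterministic; confirm it is a salted, slow password hash.
 * NOTE(review): addToPwdTable() receives the plaintext new password; confirm
 * what it persists.
 *
 * @return mixed Result of setUserPwd() / setEmployeePwd().
 * @throws MyException E_AUTHFAIL when the app type is unsupported or the old
 *                     password does not match.
 */
function api_chpwd()
{
    $type = getAppType();
    if ($type == "user") {
        checkAuth(AUTH_USER, true);
        $uid = $_SESSION["uid"];
    } elseif ($type == "emp") {
        checkAuth(AUTH_EMP, true);
        $uid = $_SESSION["empId"];
    } else {
        // No authentication rule exists for other app types: refuse instead of falling through.
        throw new MyException(E_AUTHFAIL, "unsupported app type", "不支持的应用类型");
    }

    $pwd = mparam("pwd");
    list($oldpwd, $code) = mparam(["oldpwd", "code"]);

    if (isset($oldpwd)) {
        // Validate the old password.
        if ($type == "user" && $oldpwd === "_none") {
            // "_none" means: skip verification, but only within one hour of
            // the user's registration.
            $dt = date(FMT_DT, time() - T_HOUR);
            $sql = sprintf("SELECT id FROM User WHERE id=%d and createTm>'{$dt}'", $uid);
        } elseif ($type == "user") {
            $sql = sprintf("SELECT id FROM User WHERE id=%d and pwd=%s", $uid, Q(hashPwd($oldpwd)));
        } else {
            // $type is "emp" here; every other type was rejected above.
            $sql = sprintf("SELECT id FROM Employee WHERE id=%d and pwd=%s", $uid, Q(hashPwd($oldpwd)));
        }
        $row = queryOne($sql);
        if ($row === false) {
            throw new MyException(E_AUTHFAIL, "bad password", "密码验证失败");
        }
    }

    // Change the password.
    if ($type == "user") {
        $rv = setUserPwd($uid, $pwd, true);
    } else {
        $rv = setEmployeePwd($uid, $pwd, true);
    }
    addToPwdTable($pwd);
    return $rv;
}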