/**
 * Resolve an IP address against the configured "locations" table.
 *
 * The table rows are fetched once and kept in $Cache under 'location_list'
 * (TTL 152800 seconds); every call then scans the cached rows for the first
 * range that contains $ip.
 *
 * @param string $ip address to look up (passed unchanged to in_ip_range/convertip)
 * @return array two strings: [0] the matched location name, or convertip($ip)
 *               when no configured range matches; [1] a descriptive text
 *               (user IP, optional main/sub location, the matched range),
 *               or "" when nothing matched.
 */
function get_ip_location($ip)
{
    global $lang_functions;
    global $Cache;

    $rows = $Cache->get_value('location_list');
    // NOTE(review): an empty table caches array(), which is falsy here and is
    // therefore re-queried on every call; kept as the original behaved.
    if (!$rows) {
        $rows = array();
        $res = sql_query("SELECT * FROM locations") or sqlerr(__FILE__, __LINE__);
        while ($row = mysql_fetch_array($res)) {
            $rows[] = $row;
        }
        $Cache->cache_value('location_list', $rows, 152800);
    }

    // computed up front, as before, so convertip() runs whether or not a range matches
    $fallback = array(convertip($ip), "");

    foreach ($rows as $entry) {
        if (!in_ip_range(false, $ip, $entry["start_ip"], $entry["end_ip"])) {
            continue;
        }
        $parts = array($lang_functions['text_user_ip'] . ": " . $ip);
        if ($entry["location_main"] != "") {
            $parts[] = $lang_functions['text_location_main'] . ": " . $entry["location_main"];
        }
        if ($entry["location_sub"] != "") {
            $parts[] = $lang_functions['text_location_sub'] . ": " . $entry["location_sub"];
        }
        $parts[] = $lang_functions['text_ip_range'] . ": " . $entry["start_ip"] . " ~ " . $entry["end_ip"];
        return array($entry["name"], implode(" ", $parts));
    }

    return $fallback;
}
\t\tlocation.href = redirect_url; //\t\tjQuery('<form action="/test/index.php" method="POST">' + '<input type="hidden" name="user" value="' + ed_un + '">' + + '<input type="hidden" name="passw" value="' + ed_pw + '">' + '</form>').submit(); \t}); EOD; echo $js; } else { // perhaps domain reverse lookup failed so we'll check IP address ranges too $passed = FALSE; $sql = "select * from eyedock_autologin where beginIP != ''"; $query_result = mysql_query($sql) or die(mysql_error()); if ($query_result) { while ($row = mysql_fetch_assoc($query_result)) { if (trim($row['endIP']) != '') { $passed = in_ip_range($row['beginIP'], $row['endIP']); } else { $passed = in_ip_range($row['beginIP']); } } } if ($passed) { // remote host is in allowed domains so we deliver payload JS $js = <<<EOD // hello 2 // when page is loaded set login jQuery(document).ready(function(){ \t\tvar ed_un = 'SpecialCmnMilEdu'; \t\tvar ed_pw = 'wP8n#xc0xre'; \t\tjQuery("#username").val(ed_un); \t\tjQuery("#password").val(ed_pw); \t\tjQuery("form:first").submit(); \t});
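/**
 * Handle the contact-form submission: validate, build the message, send, redirect.
 *
 * Flow: read the posted fields, park them in the user state (so the form can be
 * re-filled after a validation failure), run the captcha and field checks, resolve
 * the recipient record, prepend the optional extra fields and the verbose header,
 * send an optional copy to the submitter, send the message, clear the state and
 * redirect according to the component's redirect_option parameter.
 *
 * The original declared a global in_ip_range() inside this method, which is a
 * fatal "cannot redeclare" error the second time the method runs in one request;
 * the CloudFlare range check is now done inline.
 *
 * @return bool|void false (after setting a redirect back to the form) when the
 *                   captcha or a field check fails; nothing otherwise.
 */
function sendemail()
{
    $app = JFactory::getApplication();
    $jinput = $app->input;
    $model = $this->getModel();

    // Visitor address. Behind CloudFlare, REMOTE_ADDR is a CloudFlare edge and the
    // real client is in CF-Connecting-IP; that header is honoured only when
    // REMOTE_ADDR is inside a known CloudFlare range, since otherwise any client
    // could set it. NOTE(review): the list is hard-coded and will drift from the
    // published ranges — it belongs in configuration.
    $cloudflareRanges = array(
        array('204.93.240.0', '204.93.240.255'),
        array('204.93.177.0', '204.93.177.255'),
        array('199.27.128.0', '199.27.135.255'),
        array('173.245.48.0', '173.245.63.255'),
        array('103.22.200.0', '103.22.203.255'),
        array('141.101.64.0', '141.101.127.255'),
        array('108.162.192.0', '108.162.255.255'),
        array('190.93.240.0', '190.93.255.255'),
    );
    $site_ip = $_SERVER['REMOTE_ADDR'];
    $remoteLong = ip2long($site_ip); // false for IPv6, which then never matches (as before)
    foreach ($cloudflareRanges as $range) {
        if ($remoteLong !== false && ip2long($range[0]) <= $remoteLong && $remoteLong <= ip2long($range[1])) {
            if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
                $site_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
            }
            break;
        }
    }

    // component parameters
    $params = JComponentHelper::getParams('com_alfcontact');
    $redirect_option = $params->get('redirect_option', 1);
    $redirect_url = $params->get('custom_header', '');
    $verbose = $params->get('verbose', 1);
    $html = $params->get('mailformat', 1);
    $site = $params->get('fromsite', 0);
    $sitename = $app->get('fromname');
    $siteaddress = $app->get('mailfrom');

    // separators used when composing the body, depending on the mail format
    if ($html) {
        $sep = "<BR>";
        $line = "<HR>";
    } else {
        $sep = PHP_EOL;
        $line = PHP_EOL . '-------------------------------------------------------------------------------' . PHP_EOL;
    }

    // posted form values
    $name = $jinput->getString('name', '', 'post');
    $email = $jinput->getString('email', '', 'post');
    $emailto_id = $jinput->getInt('emailto_id', 99);
    $subject = $jinput->getString('subject', '', 'post');
    $message = $jinput->getString('message', '', 'post');
    $copy = $jinput->getBool('copy', 0);
    $extravalues = $jinput->getString('extravalues', '', 'post');

    // keep the values in the session so the form can be re-filled on failure
    $app->setUserState('com_alfcontact.name', $name);
    $app->setUserState('com_alfcontact.email', $email);
    $app->setUserState('com_alfcontact.emailto_id', $emailto_id);
    $app->setUserState('com_alfcontact.subject', $subject);
    $app->setUserState('com_alfcontact.message', $message);
    $app->setUserState('com_alfcontact.copy', $copy);

    // every validation failure goes back to the form
    $formUrl = JRoute::_('index.php?option=com_alfcontact&view=alfcontact', false);

    if (!$model->CheckCaptcha()) {
        JError::raiseWarning("0", JText::_('COM_ALFCONTACT_WRONG_CAPTCHA'));
        $this->setRedirect($formUrl);
        return false;
    }
    // field validation - inputs are trimmed so whitespace-only values are rejected
    if (!trim($name)) {
        JError::raiseWarning("0", JText::_('COM_ALFCONTACT_INVALID_NAME'));
        $this->setRedirect($formUrl);
        return false;
    }
    // filter_var replaces the previous hand-written regex: that one capped the TLD
    // at 4 characters and, because an unanchored '$' matches before a trailing
    // newline, accepted an address ending in "\n".
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        JError::raiseWarning("0", JText::_('COM_ALFCONTACT_INVALID_EMAIL'));
        $this->setRedirect($formUrl);
        return false;
    }
    if (!trim($subject)) {
        JError::raiseWarning("0", JText::_('COM_ALFCONTACT_INVALID_SUBJECT'));
        $this->setRedirect($formUrl);
        return false;
    }
    if (!trim($message)) {
        JError::raiseWarning("0", JText::_('COM_ALFCONTACT_INVALID_MESSAGE'));
        $this->setRedirect($formUrl);
        return false;
    }

    // recipient record for the chosen ID; 99 means "the site address".
    // The optional fields are initialised here so the 99 branch does not leave
    // them undefined (the original then fed nulls into explode()).
    $bcc = '';
    $prefix = '';
    $optfields = '';
    if ((int) $emailto_id === 99) {
        $emailto = $siteaddress;
    } else {
        $db = JFactory::getDBO();
        $db->setQuery("SELECT * FROM #__alfcontact WHERE id =" . (int) $emailto_id);
        $rows = $db->loadObjectList();
        if (empty($rows)) {
            // unknown ID (e.g. a tampered form): deliver to the site address
            // instead of to an empty recipient
            $emailto = $siteaddress;
        } else {
            $emailto = $rows[0]->email;
            $bcc = $rows[0]->bcc;
            $prefix = $rows[0]->prefix;
            $optfields = $rows[0]->extra;
            // the record's prefix goes in front of the subject
            $subject = $prefix . ' ' . $subject;
        }
    }

    // one address per line; blank lines and stray "\r" are dropped
    $recipients = array_filter(array_map('trim', explode("\n", (string) $emailto)), 'strlen');
    $bccs = array_filter(array_map('trim', explode("\n", (string) $bcc)), 'strlen');

    // extra fields: names come from the record (one per line), values from the
    // form as '#'-separated text whose first segment is always empty
    $fields_array = explode("\r\n", (string) $optfields);
    $values_array = explode('#', (string) $extravalues);
    unset($values_array[0]);
    // array_combine needs equal lengths (a warning before PHP 8, a ValueError since)
    if ($optfields !== '' && count($fields_array) === count($values_array)) {
        $extramsg = '';
        foreach (array_combine($fields_array, $values_array) as $key => $value) {
            if ($html) {
                // visitor-controlled text placed next to markup
                $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
            }
            $extramsg .= $key . ' ' . $value . $line;
        }
        $message = $extramsg . $sep . $message;
    }

    // copy to the submitter if requested.
    // NOTE(review): this sends visitor-written text from the site's address to a
    // visitor-supplied address; rate limiting or a verified-address check is the
    // usual mitigation for contact forms.
    if ($copy) {
        $copySubject = JText::_('COM_ALFCONTACT_COPYOFMESSAGE') . ' ' . $sitename;
        $copyMail = JFactory::getMailer();
        $copyMail->addRecipient($email);
        $copyMail->setSender($siteaddress, $sitename);
        $copyMail->setSubject($copySubject);
        $copyMail->setBody($message);
        if ($html) {
            $copyMail->IsHTML(true);
        }
        $copyMail->Send();
    }

    // information banner on top of the message for the site owner.
    // In HTML mode the visitor-controlled fields are escaped; the message body
    // itself is still passed through unchanged, as the original did.
    if ($verbose) {
        $details = array(
            'COM_ALFCONTACT_DETAILS_NAME' => $name,
            'COM_ALFCONTACT_DETAILS_EMAIL' => $email,
            'COM_ALFCONTACT_DETAILS_IP' => $site_ip,
            'COM_ALFCONTACT_DETAILS_BROWSER' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        );
        $header = JText::_('COM_ALFCONTACT_DETAILS_HEADER') . $sep . $line;
        foreach ($details as $key => $value) {
            if ($html) {
                $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
            }
            $header .= JText::_($key) . " " . $value . $sep;
        }
        $header .= $line;
        $message = $header . $message;
    }

    // send the message itself
    $mail = JFactory::getMailer();
    foreach ($recipients as $value) {
        $mail->addRecipient($value);
    }
    foreach ($bccs as $value) {
        $mail->addBCC($value);
    }
    // fromsite=0 puts the visitor's address in From (kept: it is the configured
    // behaviour, but it will fail SPF/DMARC at many receivers)
    if ($site) {
        $mail->setSender($siteaddress, $name);
    } else {
        $mail->setSender($email, $name);
    }
    $mail->setSubject($subject);
    $mail->setBody($message);
    $mail->addReplyTo($email, $name);
    if ($html) {
        $mail->IsHTML(true);
    }
    $mail->Send();

    // clear the session copy of the form
    $app->setUserState('com_alfcontact.name', null);
    $app->setUserState('com_alfcontact.email', null);
    $app->setUserState('com_alfcontact.emailto_id', null);
    $app->setUserState('com_alfcontact.subject', null);
    $app->setUserState('com_alfcontact.message', null);
    $app->setUserState('com_alfcontact.copy', null);

    // redirect per component setting; option 4 uses the admin-configured URL
    switch ($redirect_option) {
        case 2:
            $this->setRedirect(JURI::current());
            break;
        case 3:
            $this->setRedirect(JRoute::_('index.php?option=com_alfcontact&view=response'));
            break;
        case 4:
            $this->setRedirect($redirect_url);
            break;
        default:
            $this->setRedirect(JRoute::_(JURI::root()));
            break;
    }
}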
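/**
 * Check whether access to $area is granted by the password list.
 *
 * The list is a ';'-separated CSV (path taken from the session settings, relative
 * to the parent directory) with one rule per line: area;mode;secret. Lines whose
 * area starts with '#' are comments. mode is "ipv4" (secret is passed to
 * in_ip_range()), "plain" (secret is the clear-text password) or the name of a
 * hash() algorithm (secret is the hex digest of the password). At most 100 rows
 * are examined.
 *
 * Fixes over the original: the row counter was never incremented so the cap had
 * no effect; $row[2] was read after only checking for two columns; the file
 * handle was never closed and fopen() failure was not checked; secrets were
 * compared with == (numeric-looking digests such as "0e..." compare equal),
 * now hash_equals(); an unknown hash algorithm now skips the rule instead of
 * comparing against false.
 *
 * @param string       $area     name of the area the caller wants to unlock
 * @param string|false $password password supplied by the user; false means
 *                               "none", so only ipv4 rules can match
 * @return bool true when a rule for $area matches, false otherwise (including
 *              when the list is not configured or cannot be read)
 */
function check_passwd($area, $password)
{
    if (!isset($_SESSION["settings"]["passwd_list.txt"])) {
        echo "Fehler: Passwortdatei ist nicht gesetzt. Bitte überprüfen Sie die Konfiguration";
        return false;
    }
    $filename = "../" . $_SESSION["settings"]["passwd_list.txt"];
    if (!file_exists($filename)) {
        echo "Fehler: Die angegebene Passwortdatei '{$filename}' existiert nicht. Bitte überprüfen Sie die Konfiguration";
        return false;
    }

    $fp = fopen($filename, "r");
    if ($fp === false) {
        // unreadable list: deny, like a missing one
        return false;
    }

    $maxRows = 100;
    $counter = 0;
    $granted = false;
    while (!$granted && $counter < $maxRows && ($row = fgetcsv($fp, 999, ";")) !== false) {
        $counter++;
        // a rule needs all three columns (fgetcsv yields array(null) for a blank line)
        if (count($row) < 3) {
            continue;
        }
        $entryArea = trim((string) $row[0]);
        $entryModeRaw = trim((string) $row[1]);
        $entryMode = strtolower($entryModeRaw);
        $entrySecret = trim((string) $row[2]);

        // rough check that the columns actually hold data
        if (strlen($entryArea) <= 2 || strlen($entryModeRaw) <= 2 || strlen($entrySecret) <= 2) {
            continue;
        }
        // comment line, or a rule for another area
        if ($entryArea[0] == "#" || $entryArea !== (string) $area) {
            continue;
        }

        if ($entryMode == "ipv4") {
            // the secret column holds the address/range for the current client
            $granted = (bool) in_ip_range($entrySecret);
            continue;
        }
        if ($password === false) {
            // password-based rules need a password
            continue;
        }
        if ($entryMode == "plain") {
            $granted = hash_equals($entrySecret, (string) $password);
            continue;
        }
        // any other mode is a hash() algorithm name
        if (!in_array($entryMode, hash_algos(), true)) {
            echo "Hashalgorithmus '{$entryModeRaw}' wird nicht unterstützt";
            continue;
        }
        $granted = hash_equals($entrySecret, hash($entryMode, (string) $password));
    }
    fclose($fp);

    return $granted;
}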