} else { $_SERVER['MASQUERADE'] = FALSE; } } elseif (user_verify_fingerprint($sid)) { // VALID SESSION ID FOUND $_SERVER["SESSION_ID"] = $sid; } elseif (user_verify_fingerprint($_POST[$_SERVER['AUTH_COOKIE']])) { // VALID FINGERPRINT VIA POST // this is so the write form can't expire even if the user leaves it // up past cookie expiry. } } // Cookie Updates //------------------------------------------------------------------- // if the user is not masquerading, we update the cookie expiry if (!user_verify_fingerprint($_COOKIE['mau'])) { if ($_COOKIE['remember'] == 'remember=' && user_is_valid($user, $pass)) { login($user, $pass, FALSE, FALSE); } if ($_COOKIE['remember'] == 'remember=1' && user_is_valid($user, $pass)) { login($user, $pass, 1, FALSE); } } // SMILEY_FUNCTIONS INCLUDE //------------------------------------------------------------------------------ // Include the smileys functions if the user is reading or writing something // that could involve smileys, and they don't have the smileys-destroyer // turned on in their preferences. if ((strpos($_SERVER['REQUEST_URI'], 'read') || strpos($_SERVER['REQUEST_URI'], 'write') || strpos($_SERVER['REQUEST_URI'], 'help')) && $_SERVER['USERINFO_ARRAY']['hatessmileys'] == FALSE) { include_once 'smiley_functions.php'; }
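/**
 * XML-RPC handler: return the most recent plan entries as an array of structs.
 *
 * Reads four positional parameters from $params with getParam(): blog id (0),
 * username (1), password (2) and number of posts (3). The blog id is not used
 * by the visible code.
 *
 * @param object $params XML-RPC request message exposing getParam(int); each
 *                       parameter exposes scalarval().
 * @return xmlrpcresp An 'array' xmlrpcval of entry structs when user_is_valid()
 *                    accepts the credentials, otherwise fault code
 *                    $xmlrpcerruser + 3 with the message "Invalid login".
 */
function get_recent($params)
{
    global $xmlrpcerruser;

    $uid = $params->getParam(1)->scalarval();
    $pwd = $params->getParam(2)->scalarval();

    // The requested count is client-controlled; force it to an integer so it
    // can only ever act as a loop bound.
    $requested = (int) $params->getParam(3)->scalarval();

    // NOTE(review): the result is unused in the visible code; kept in case
    // NewUser() has side effects the rest of the request relies on — confirm.
    $usr = NewUser($uid);

    # Again, let's just skip the permissions check since this information is
    # public anyway.
    // The return value of user_verify_fingerprint() is not checked here; the
    // access decision below rests on user_is_valid() alone.
    // NOTE(review): presumably called for its side effects (session state) —
    // confirm, and confirm that skipping the permissions check is still
    // acceptable given the "{$private}" suffix in the file pattern below.
    user_verify_fingerprint(user_get_fingerprint($uid, $pwd));

    if (!user_is_valid($uid, $pwd)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 3, "Invalid login");
    }

    // NOTE(review): $plan_dir, $limiter and $private are not defined anywhere
    // in the visible function, so they evaluate as empty here — presumably
    // they were set by lines that are not shown; verify against the full file.
    $plan_array = array();
    $plan_array = array_merge($plan_array, files_list($plan_dir, "plan{$limiter}*.txt{$private}"));
    rsort($plan_array);

    // Never read past the end of the listing, whatever count the client sent.
    // The append belongs inside the loop: with an empty loop body only the
    // single element at index $numposts was ever converted.
    $limit = min($requested, count($plan_array));
    $arr = array();
    for ($i = 0; $i < $limit; $i++) {
        $arr[] = entry_to_struct($plan_array[$i]);
    }

    return new xmlrpcresp(new xmlrpcval($arr, 'array'));
}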
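<?php
/*
 * BACKUP
 *
 * For every "<username>.permission" file in the backup-permissions directory,
 * writes the user's current plan to a timestamped backup file and to
 * "<username>.latest.backup" when either
 *   - the plan was updated after it was last viewed, or
 *   - no update time is known and the latest backup is missing or more than
 *     six hours old.
 */
$_SERVER['AUTH_COOKIE'] = 'fingerprint_v4';
$_SERVER['FILE_ROOT'] = '/home/planwatc/public_html';

include_once '/home/planwatc/public_html/scripts/siteconfig.php';
include_once '/home/planwatc/public_html/scripts/plan_read.php';
include_once '/home/planwatc/public_html/backend/xmlrpc.inc';
include_once '/home/planwatc/public_html/scripts/standard_library/user_info_functions.php';
include_once '/home/planwatc/public_html/scripts/standard_library/plan_info_functions.php';
include_once '/home/planwatc/public_html/scripts/standard_library/file_functions.php';

// SECURITY NOTE(review): this is a hard-coded authentication fingerprint for
// the backup account. The part before ":::" is plain base64 (not a secret) and
// the remainder looks like a fixed 32-hex-digit digest, so anyone who can read
// this file, a repository copy or a backup of it holds a long-lived
// credential. It should be loaded from protected configuration outside the
// web root and rotated; the value is kept unchanged here because the page
// shows no alternative source for it.
$backup_fingerprint = "YmFja3Vw:::d53db979c480aa3ce0d9aaba69495fc8";
$_COOKIE[$_SERVER['AUTH_COOKIE']] = $backup_fingerprint;
user_verify_fingerprint($backup_fingerprint);

$time = time();
$stale_before = $time - 3600 * 6; // six hours ago

$backup_permissions_dir = "{$_SERVER['FILE_ROOT']}/stats/backup_permissions";
$backup_users_list = files_list($backup_permissions_dir, "*.permission");

foreach ($backup_users_list as $userfile) {
    // basename() keeps the derived name free of directory components before
    // it is interpolated into the backup paths below.
    $username = trim(str_replace(".permission", "", basename($userfile)));

    $sptime = plan_get_last_update($username);
    $slastview = plan_get_last_view($username);

    // NOTE(review): $_SERVER['USER_ROOT'] is not set in the visible script —
    // presumably one of the includes above defines it; confirm.
    $latest_path = "{$_SERVER['USER_ROOT']}/files/{$username}.latest.backup";
    $stamped_path = "{$_SERVER['USER_ROOT']}/files/{$username}.{$time}.backup";

    // Same truth table as the original "A || !B && C" ("&&" binds tighter
    // than "||"), with the grouping spelled out.
    // NOTE(review): confirm that grouping is the intended one.
    $needs_backup = $sptime > $slastview;
    if (!$needs_backup && !$sptime) {
        // A missing latest backup counts as stale. The original reached the
        // same result only because filemtime() returns false for a missing
        // file and false compares below the threshold.
        $needs_backup = !file_exists($latest_path) || filemtime($latest_path) < $stale_before;
    }
    if (!$needs_backup) {
        continue;
    }

    $plan = plan_read($username, FALSE, FALSE, FALSE, TRUE);

    // A failed fopen() used to be handed straight to fwrite()/fclose(), which
    // on current PHP versions aborts the run and leaves every remaining user
    // without a backup. Report the failure and carry on instead.
    foreach (array($stamped_path, $latest_path) as $path) {
        if (file_put_contents($path, $plan) === false) {
            error_log("backup: could not write {$path}");
        }
    }
}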
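<?php
/*
COOKIE-TEST.PHP
Tests to see if the auth cookie got set. If the request carries a valid
fingerprint in the query string but no auth cookie came back, the fingerprint
is carried forward in the redirect URL ("/sid=..."); otherwise the user is
redirected to the requested page (or to /firstlogin for a new user).
*/

$auth_key = $_SERVER['AUTH_COOKIE'];

// Only accept a plain string from the query string; anything else is treated
// as "no fingerprint supplied".
$fingerprint = (isset($_GET[$auth_key]) && is_string($_GET[$auth_key])) ? $_GET[$auth_key] : null;
$has_cookie = !empty($_COOKIE[$auth_key]);

// The original read $_GET['newuser'] in one branch and a bare $newuser in the
// other; use the request parameter in both so the two branches agree.
$is_new_user = !empty($_GET['newuser']);

// redirect_page comes straight from the query string and is handed to
// redirect(), in one branch with the session fingerprint appended. Restrict it
// to a site-local path so that neither the redirect nor the fingerprint can be
// pointed at another host: it must start with exactly one "/", and contain no
// backslash or control character. Anything else falls back to "/".
// NOTE(review): assumes legitimate callers only ever pass site-local paths —
// confirm against the pages that link here.
$target = isset($_GET['redirect_page']) ? $_GET['redirect_page'] : '';
if (
    !is_string($target)
    || $target === ''
    || $target[0] !== '/'
    || (isset($target[1]) && $target[1] === '/')
    || strpos($target, '\\') !== false
    || preg_match('/[\x00-\x1f\x7f]/', $target)
) {
    $target = '/';
}
$_GET['redirect_page'] = $target;

if (user_verify_fingerprint($fingerprint) && !$has_cookie) {
    // Cookie was not accepted: carry the fingerprint in the URL instead.
    // NOTE(review): a session token in the URL path ends up in server logs,
    // browser history and Referer headers; that is inherent to this fallback.
    if (!$is_new_user) {
        redirect("{$target}/sid=" . $fingerprint);
    } else {
        // NOTE(review): $nu is not defined in the visible script, so this
        // evaluates to "/sid=..." here. If $nu can be populated from the
        // request it needs the same local-path check as $target — confirm.
        redirect("{$nu}/sid=" . $fingerprint);
    }
} else {
    if ($is_new_user) {
        redirect("/firstlogin");
    } else {
        redirect($target);
    }
}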