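/**
 * Run a batch of encrypted SELECT statements and collect their rows.
 *
 * Each entry of $queries_list carries an encrypted "sql" string and,
 * optionally, an encrypted "fieldToIndex" column name; both go through
 * _decrypt() before use.
 *
 * NOTE(review): the decrypted SQL text is executed verbatim, so the only
 * controls visible here are the secrecy/integrity of whatever _decrypt()
 * uses and the verdict of $this->_checkQuery(). Confirm that _decrypt()
 * authenticates its input and that the database account behind
 * $this->dbLink is read-only; a statement filter alone is a weak boundary.
 *
 * @param array $queries_list Map of result key => array("sql" => ..., "fieldToIndex" => ...)
 * @return array|false array("data" => ..., "indexes" => ...) keyed like the input
 *                     (empty array for an empty batch); "data"[$key] is false for a
 *                     query that failed. False when a statement was rejected and the
 *                     installed error handler resumed execution.
 */
function select($queries_list)
{
    // Defined up front so an empty batch does not return an undefined variable.
    $response = array();

    foreach ($queries_list as $key => $query_data) {
        $sql = _decrypt($query_data["sql"]);

        $index_field = null;
        if (!empty($query_data["fieldToIndex"])) {
            $index_field = _decrypt($query_data["fieldToIndex"]);
        }

        if ($this->_checkQuery($sql)) {
            trigger_error("You can use onlye the SELECT mysql statement", E_USER_ERROR);
            // E_USER_ERROR stops the script only under the default handler.
            // A custom handler can resume here, so fail closed instead of
            // falling through to mysql_query() with the rejected statement.
            return false;
        }

        $result = mysql_query($sql, $this->dbLink);
        if (!$result) {
            $response["data"][$key] = false;
            continue;
        }

        $row_index = 0;
        while ($result_row = mysql_fetch_assoc($result)) {
            $response["data"][$key][] = $result_row;
            if (empty($index_field)) {
                continue;
            }
            // Lookup key "<field>:<value>" => position of the row in "data"[$key].
            $response["indexes"][$key][$index_field . ":" . $result_row[$index_field]] = $row_index++;
        }

        // Release the result set before the next query of the batch.
        mysql_free_result($result);
    }

    return $response;
}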
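/**
 * Form token validation
 *
 * Checks, in order: that the anti-CSRF token field was posted, that the
 * posted token equals the one kept in the session, that the Referer host
 * matches the configured site domain, and finally the optional field rules.
 *
 * A request without a Referer header, or a site without a configured
 * `siteDomain`, does not pass. The Referer is a client-supplied header and
 * only a secondary signal; the token comparison is the primary control.
 *
 * @param array $validations The array of validation rules
 * @return boolean TRUE when the token, the Referer and the rules all pass; otherwise FALSE
 */
function form_validate($validations = null)
{
    $fieldName = 'lc_formToken_' . _cfg('formTokenName');

    if (!isset($_POST[$fieldName])) {
        Validation::addError('', _t('Invalid form token.'));
        return false;
    }

    $token       = _decrypt(session_get(_cfg('formTokenName')));
    $postedToken = _decrypt(_post($_POST[$fieldName]));

    # Require two non-empty strings and compare strictly. With a loose `==`,
    # a missing session token and an undecryptable posted value can compare
    # equal (for example false == false, or null == '') and the check passes.
    # NOTE(review): assumes _decrypt() returns a string on success - confirm.
    # Where the runtime provides hash_equals(), prefer it for this comparison.
    $tokenMatches = is_string($token)
        && is_string($postedToken)
        && $token !== ''
        && $token === $postedToken;

    $result = false;

    # check referer if it is requesting in the same site
    if ($tokenMatches && !empty($_SERVER['HTTP_REFERER']) && _cfg('siteDomain')) {
        $siteDomain  = preg_replace('/^www\\./', '', _cfg('siteDomain'));
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);

        # parse_url() yields false/null for a malformed or host-less Referer;
        # treat that as a mismatch instead of reading a missing 'host' key.
        if (is_string($refererHost) && $refererHost !== '') {
            $refererHost = preg_replace('/^www\\./', '', $refererHost);
            $result = (strcasecmp($siteDomain, $refererHost) == 0);
        }
    }

    if ($result == false) {
        Validation::addError('', _t('Error occured during form submission. Please refresh the page to try again.'));
        return false;
    }

    if ($validations && Validation::check($validations) === false) {
        return false;
    }

    return true;
}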
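/**
 * Check that the current session id maps to a live session owned by $username.
 *
 * Looks up $this->sessid in auth_sessions, decrypts the stored crypt_data and
 * compares the user recorded there with $username. Sets $this->is_auth, and on
 * success stores the decoded session data in $this->sessdata. A session that
 * exists but belongs to someone else is logged out.
 *
 * @param string $username User the caller claims to be
 * @param object $db       Database handle offering execute() and ErrorMsg()
 * @return boolean TRUE when the session is valid for $username; otherwise FALSE
 */
function CheckLogin($username, $db)
{
    _prunesession($db); // prune database.

    // NOTE(review): in MySQL `now()-?` is numeric arithmetic on the
    // YYYYMMDDHHMMSS form of the timestamp, not a subtraction of seconds.
    // Confirm the lifetime window this expresses is the intended one.
    $res = $db->execute(
        "select * from auth_sessions where sessid=? and sess_time > now()-?",
        array($this->sessid, AUTH_MAX_LIFETIME)
    );

    // NOTE(review): the result of $db->execute() is read with
    // mysql_fetch_array(); confirm that handle really is a mysql resource.
    $data = ($db->ErrorMsg() == '') ? mysql_fetch_array($res) : array();

    if (empty($data)) {
        $this->is_auth = false;
        return false;
    }

    $info = _decrypt($data['crypt_data']);

    // NOTE(review): unserialize() takes the data first and an options array
    // second, so this call parses the literal "::" instead of $info and cannot
    // produce the session array. The intended decoding of crypt_data is not
    // visible here - confirm against the code that writes auth_sessions. If
    // the payload is PHP-serialized, treat it as attacker-influenced unless
    // _decrypt() authenticates the ciphertext, and disallow object creation.
    $stuff = unserialize("::", $info);

    // Fail closed: demand a decoded array with a non-empty user that matches
    // exactly. A loose `==` lets a failed decode (null user) compare equal to
    // an empty or zero-like $username and mark the session authenticated.
    $same_user = is_array($stuff)
        && isset($stuff['user'])
        && $username !== null
        && (string) $username !== ''
        && (string) $stuff['user'] === (string) $username;

    if (!$same_user) {
        $this->is_auth = false;
        $this->LogOut($username, $this->sessid, $db);
        return false;
    }

    // we have a session and time, we can be pretty sure its same user
    $this->is_auth = true;
    $this->sessdata = $stuff;
    return true;
}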
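/**
 * Download the data package as a zip attachment.
 *
 * Without a key, the archive at "<path>/<name>.zip" is sent. With a key,
 * the file path is whatever _decrypt($hash, self::$key) returns.
 *
 * NOTE(review): the decrypted value is used directly as a filesystem path.
 * If $hash is request-supplied, file disclosure is prevented only by the
 * secrecy of self::$key and by _decrypt() rejecting tampered input. Confirm
 * both, and consider confining the resolved path (realpath) to the backup
 * directory; whether every legitimate key points below $this->path cannot be
 * told from this method.
 *
 * @param string $hash Download key
 * @return void
 */
public function download($hash = null)
{
    if (is_null($hash)) {
        $filename = $this->path . '/' . $this->name . '.zip';
    } else {
        $filename = _decrypt($hash, self::$key);
    }

    // A failed decryption or a missing/unreadable file used to produce an
    // empty "zip" response with a bogus Content-Length; answer 404 instead.
    if (!is_string($filename) || $filename === '' || !is_file($filename) || !is_readable($filename)) {
        header('HTTP/1.1 404 Not Found');
        return;
    }

    // Keep quotes and line breaks out of the header value.
    $downloadName = str_replace(array('"', "\r", "\n"), '', basename($filename));

    // Send the archive
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header('Content-disposition: attachment; filename="' . $downloadName . '"'); // file name
    header("Content-Type: application/zip"); // zip format
    header("Content-Transfer-Encoding: binary"); // tell the browser this is a binary file

    $size = filesize($filename);
    if ($size !== false) {
        header('Content-Length: ' . $size); // tell the browser the file size
    }

    readfile($filename);
}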
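/**
 * Decrypt this object's content, and its description when present, in place.
 *
 * Nothing is modified unless every field decrypts: a failure on either field
 * leaves both as they were, so the object is never left half-decrypted or
 * holding `false` in place of its ciphertext.
 *
 * NOTE(review): $this->cipher is left unchanged after success, so a second
 * call would run _decrypt() over the plaintext - confirm callers guard this.
 *
 * @param mixed $key Key handed to _decrypt()
 * @return boolean TRUE when the fields were decrypted; FALSE when no cipher is
 *                 set or decryption failed
 */
function decrypt($key)
{
    if ($this->cipher == null) {
        return false;
    }

    // Plain assignment: binding a function result by reference only raises a
    // notice unless _decrypt() is declared to return by reference.
    $data_content = _decrypt($key, $this->cipher, $this->content);
    if ($data_content === false) {
        return false;
    }

    $has_description = ($this->description != null);
    $data_description = null;
    if ($has_description) {
        $data_description = _decrypt($key, $this->cipher, $this->description);
        if ($data_description === false) {
            return false;
        }
    }

    // The original assigned the undefined $data here, which replaced the
    // content with null on every successful decryption.
    $this->content = $data_content;
    if ($has_description) {
        $this->description = $data_description;
    }

    return true;
}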