$char = chr(ord($char) + ord($keychar)); $result .= $char; } $result = base64_encode($result); $result = str_replace(array('+', '/', '='), array('-', '_', ''), $result); } elseif ($operation == 'DECODE') { $data = str_replace(array('-', '_'), array('+', '/'), $string); $mod4 = strlen($data) % 4; if ($mod4) { $data .= substr('====', $mod4); } $string = base64_decode($data); for ($i = 0; $i < strlen($string); $i++) { $char = substr($string, $i, 1); $keychar = substr($key, $i % strlen($key) - 1, 1); $char = chr(ord($char) - ord($keychar)); $result .= $char; } } return $result; } $encrypted = 'lJamnKA'; $name = 'admin'; for ($key = 99; $key < 1000; $key++) { echo '[+]Testing:' . $key . '||'; if (eccode($name, 'ENCODE', $key) == $encrypted) { echo '---==========Key found:' . $key . '==========---||'; die('Success'); } } die('Fail');
// Retrieve data if ($_GET['Submit'] == 'login') { $id = intval($_GET['id']); $getid = "SELECT first_name, last_name FROM users WHERE user_id = '{$id}'"; $result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>'); setcookie('name', eccode(mysql_result($result, 0, "first_name"), 'ENCODE', $cookie_key)); $html .= '<pre>'; $html .= 'ID: ' . $id . '<br>First name: ' . mysql_result($result, 0, "first_name") . '<br> Login success!'; $html .= '</pre>'; } elseif ($_GET['Submit'] == 'view') { if ($_COOKIE['name'] == null) { $html .= '<pre>'; $html .= '请先登录'; $html .= '</pre>'; } else { $getid = "SELECT user_id, first_name, last_name FROM users WHERE first_name = '" . eccode($_COOKIE['name'], 'DECODE', $cookie_key) . "'"; $result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>'); $id = mysql_result($result, 0, "user_id"); $first = mysql_result($result, 0, "first_name"); $html .= '<pre>'; $html .= 'ID: ' . $id . '<br>First name: ' . $first . '<br>If it is empty it means not found!'; $html .= '</pre>'; } } } function eccode($string, $operation = 'DECODE', $key = '@LFK24s224%@safS3s%1f%') { $result = ''; if ($operation == 'ENCODE') { for ($i = 0; $i < strlen($string); $i++) { $char = substr($string, $i, 1);