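/**
 * Read a signed request, verify its HMAC-SHA256 signature and cache the decoded payload.
 *
 * The signature check had been commented out, so any caller-supplied payload
 * (including its oauth_token) was written straight into the session. The check
 * is restored here and the function fails closed.
 *
 * @param string|false $secret Shared secret; when falsy it is read from session('secret').
 * @param string|false $sr     Signed request; when falsy it is read from $_REQUEST['signed_request'].
 * @return array|false Decoded payload on success, false when the request is missing,
 *                     malformed, uses another algorithm, or fails signature verification.
 */
function sr($secret = false, $sr = false)
{
    if (!$sr && isset($_REQUEST['signed_request'])) {
        $sr = $_REQUEST['signed_request'];
    }
    if (!$sr) {
        return false;
    }

    // Expect "<signature>.<payload>"; reject anything else before decoding it.
    if (!is_string($sr) || strpos($sr, '.') === false) {
        return false;
    }

    if (!$secret) {
        $secret = session('secret');
    }
    if (!is_string($secret) || $secret === '') {
        // Without a key the HMAC proves nothing, so refuse rather than trust the payload.
        return false;
    }

    list($encoded_sig, $payload) = explode('.', $sr, 2);

    // Authenticate the raw payload before parsing or storing any of it.
    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return false;
    }

    $data = json_decode(base64_url_decode($payload), true);
    if (
        !is_array($data)
        || !isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
    ) {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return false;
    }

    session('sr', $data);
    if (isset($data['oauth_token'])) {
        session('access_token', $data['oauth_token']);
        session('expires', isset($data['expires']) ? $data['expires'] : null);
    }

    return $data;
}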
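/**
 * Assert that the encrypted REST response carries the expected message.
 *
 * The response body is JSON whose `data` field is base64url text; that text is
 * decoded, decrypted with $this->aes and parsed as JSON again.
 *
 * The previous version also wrote the decrypted body to ./dump.txt on every
 * call. That left plaintext on disk in the working directory, so the debug
 * dump has been removed.
 *
 * @param mixed $message Expected value of the decrypted `message` field.
 */
public function seeMessageInResponse($message)
{
    $envelope = json_decode($this->getModule('REST')->response);
    $plaintext = $this->aes->decrypt(base64_url_decode($envelope->data));
    $decoded = json_decode($plaintext);

    $this->assertEquals($message, $decoded->message);
}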
/**
 * Undo the "combine" encoding: base64 -> rot13 -> strip marker -> base64url.
 *
 * The marker is the rot13 of a constant the query selects as `kdm_hash1`.
 * rot13 plus a fixed marker is obfuscation, not encryption: anyone who can
 * read this function can reverse the encoding, so the output must not be
 * treated as confidential or authenticated.
 *
 * @param string $str Encoded input.
 * @return mixed Whatever base64_url_decode() returns for the stripped text.
 */
function decode_combine($str)
{
    $rotated = str_rot13(base64_decode($str));

    // The query only hands back a constant literal next to one kdims row.
    $query = new db_query('SELECT "5529e6b0760d73d38d3d3a5bb33e3eaf" as kdm_hash1, kdims.* FROM kdims LIMIT 1');
    $row = mysqli_fetch_assoc($query->result);
    unset($query);

    $marker = str_rot13($row['kdm_hash1']);

    return base64_url_decode(str_replace($marker, '', $rotated));
}
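/**
 * Extract the fields of a Magic Signature envelope from a DOM document.
 *
 * Looks for an `env` element in MAGIC_SIG_NS, falling back to `provenance`.
 * This function only extracts fields; it performs no signature verification,
 * so callers must verify `sig` over `data` before trusting anything returned.
 *
 * @param DOMDocument $dom Parsed document.
 * @return array|false Array with keys data, data_type, encoding, alg, sig; false when
 *                     the envelope or any of its required child elements is missing.
 */
function magic_sig_from_dom($dom)
{
    $env_element = $dom->getElementsByTagNameNS(MAGIC_SIG_NS, 'env')->item(0);
    if (!$env_element) {
        $env_element = $dom->getElementsByTagNameNS(MAGIC_SIG_NS, 'provenance')->item(0);
    }
    if (!$env_element) {
        return false;
    }

    $data_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'data')->item(0);
    $sig_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'sig')->item(0);
    $encoding_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'encoding')->item(0);
    $alg_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'alg')->item(0);

    // A remote document may omit any child; treat that as "no usable envelope"
    // instead of dereferencing null.
    if (!$data_element || !$sig_element || !$encoding_element || !$alg_element) {
        return false;
    }

    return array(
        // Whitespace inside the element is layout only, so strip it before decoding.
        'data' => base64_url_decode(preg_replace('/\\s/', '', $data_element->nodeValue)),
        'data_type' => $data_element->getAttribute('type'),
        'encoding' => $encoding_element->nodeValue,
        'alg' => $alg_element->nodeValue,
        'sig' => preg_replace('/\\s/', '', $sig_element->nodeValue),
    );
}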
/**
 * Decrypt text produced by the matching home-grown XOR/MD5 routine.
 *
 * The first $iv_len bytes of the decoded input seed a running state; each later
 * 16-byte chunk is XORed with md5(state) and then folded back into the state.
 *
 * NOTE(review): the default passphrase is hard-coded in the signature, the
 * keystream is derived from MD5, and nothing authenticates the ciphertext, so
 * modified input decrypts without any error. Treat the output as obfuscated
 * data, not as protected data.
 *
 * @param string $Enc_Texto base64url-encoded ciphertext.
 * @param string $senha     Passphrase.
 * @param int    $iv_len    Number of leading bytes used as the IV.
 * @return string Decrypted text with the trailing \x13\x00* padding removed.
 */
function dr($Enc_Texto, $senha = "1nqv3w5", $iv_len = 16)
{
    $cipher = base64_url_decode($Enc_Texto);
    $total = strlen($cipher);

    // String XOR yields the length of the shorter operand.
    $state = substr($senha ^ substr($cipher, 0, $iv_len), 0, 512);

    $plain = '';
    for ($pos = $iv_len; $pos < $total; $pos += 16) {
        $chunk = substr($cipher, $pos, 16);
        $plain .= $chunk ^ pack('H*', md5($state));
        $state = substr($chunk . $state, 0, 512) ^ $senha;
    }

    return preg_replace('/\\x13\\x00*$/', '', $plain);
}
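/**
 * Verify and decode a "<signature>.<payload>" signed request.
 *
 * The HMAC-SHA256 of the raw payload segment is compared with the supplied
 * signature in constant time (hash_equals) before the payload is parsed.
 * Malformed input returns null instead of raising notices on missing parts.
 *
 * @param string $signed_request Signed request as received.
 * @param string $secret         Shared secret used as the HMAC key.
 * @return array|null Decoded payload, or null on malformed input, bad signature
 *                    or an algorithm other than HMAC-SHA256.
 */
function parse_signed_request($signed_request, $secret)
{
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // Authenticate first: nothing from the payload is parsed until the MAC matches.
    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    $data = json_decode(base64_url_decode($payload), true);
    if (
        !is_array($data)
        || !isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
    ) {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    return $data;
}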
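/**
 * Verify and decode a signed request, rejecting stale envelopes.
 *
 * The signature is checked first, with hash_equals(), so no envelope field is
 * interpreted before the MAC matches and the comparison is not subject to the
 * loose `!=` string rules or timing differences.
 *
 * @param string $input   "<signature>.<envelope>" as received.
 * @param string $secret  Shared secret used as the HMAC key.
 * @param int    $max_age Maximum accepted age of `issued_at`, in seconds.
 * @return array Decoded envelope.
 * @throws Exception When the request is malformed, has a bad signature, names
 *                   another algorithm, or is older than $max_age.
 */
function parse_signed_request($input, $secret, $max_age = 3600)
{
    if (!is_string($input) || strpos($input, '.') === false) {
        throw new Exception('Invalid request. (Malformed.)');
    }

    list($encoded_sig, $encoded_envelope) = explode('.', $input, 2);

    $signature = base64_url_decode($encoded_sig);
    $expected = hash_hmac('sha256', $encoded_envelope, $secret, true);
    if (!is_string($signature) || !hash_equals($expected, $signature)) {
        throw new Exception('Invalid request. (Invalid signature.)');
    }

    $envelope = json_decode(base64_url_decode($encoded_envelope), true);
    if (!is_array($envelope) || !isset($envelope['algorithm']) || $envelope['algorithm'] !== 'HMAC-SHA256') {
        throw new Exception('Invalid request. (Unsupported algorithm.)');
    }

    // A missing or non-numeric timestamp is treated as expired rather than as "now".
    if (
        !isset($envelope['issued_at'])
        || !is_numeric($envelope['issued_at'])
        || $envelope['issued_at'] < time() - $max_age
    ) {
        throw new Exception('Invalid request. (Too old.)');
    }

    return $envelope;
}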
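/**
 * Verify a "<signature>.<payload>" request and return the decoded payload bytes.
 *
 * Unlike JSON-based variants, the payload is returned as the raw decoded string.
 * The signature is compared with hash_equals() so the check runs in constant time.
 *
 * @param string $signed_request Signed request as received.
 * @param string $secret         Shared secret used as the HMAC key.
 * @return string|null Decoded payload, or null when the request is malformed
 *                     or the signature does not match.
 */
function parse_signed_request($signed_request, $secret)
{
    $parts = is_string($signed_request) ? explode('.', $signed_request, 2) : array();
    if (count($parts) < 2) {
        return null;
    }
    list($encoded_sig, $payload) = $parts;

    // check sig before touching the payload
    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        return null;
    }

    // decode the data
    return base64_url_decode($payload);
}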
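/**
 * Verify and decode a "<signature>.<payload>" signed request.
 *
 * The original guard, `!(list(...) = explode(...) == null)`, compared the
 * exploded array with null first and assigned the boolean result to list(),
 * so every call printed 'Bad Signed Request!' and returned null. The guard now
 * tests the structure of the input, and the signature is compared with
 * hash_equals().
 *
 * Error text is still written with print_r(), as before; callers that render
 * HTML may want to log it instead of printing it into the response.
 *
 * @param string $signed_request Signed request as received.
 * @param string $secret         Shared secret used as the HMAC key.
 * @return array|null Decoded payload, or null when the request is malformed
 *                    or the signature does not match.
 */
function parse_signed_request($signed_request, $secret)
{
    $parts = is_string($signed_request) ? explode('.', $signed_request, 2) : array();
    if (count($parts) < 2) {
        print_r('Bad Signed Request!');
        return null;
    }
    list($encoded_sig, $payload) = $parts;

    // confirm the signature
    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        print_r('Bad Signed JSON signature!');
        return null;
    }

    // decode the data
    return json_decode(base64_url_decode($payload), true);
}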
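/**
 * Verify a signed request and, when it is encrypted, decrypt its payload.
 *
 * The signature is checked first with hash_equals(); envelope fields are only
 * interpreted once the MAC matches. Comparisons use strict operators so that
 * numeric-looking strings are not compared as numbers.
 *
 * NOTE(review): the encrypted branch still relies on the mcrypt extension,
 * which newer PHP releases no longer ship, uses the same $secret as both the
 * HMAC key and the cipher key, and strips padding with trim(). Moving to a
 * maintained cipher API with separate keys needs a coordinated change with the
 * sender, so it is flagged here rather than changed.
 *
 * @param string $input   "<signature>.<envelope>" as received.
 * @param string $secret  Shared secret.
 * @param int    $max_age Maximum accepted age of `issued_at`, in seconds.
 * @return mixed The envelope for signed-only requests, or the JSON-decoded
 *               decrypted payload for encrypted ones.
 * @throws Exception When the request is malformed, has a bad signature, names an
 *                   unsupported algorithm, or is older than $max_age.
 */
function parse_signed_request($input, $secret, $max_age = 3600)
{
    if (!is_string($input) || strpos($input, '.') === false) {
        throw new Exception('Invalid request. (Malformed.)');
    }

    list($encoded_sig, $encoded_envelope) = explode('.', $input, 2);

    $signature = base64_url_decode($encoded_sig);
    $expected = hash_hmac('sha256', $encoded_envelope, $secret, true);
    if (!is_string($signature) || !hash_equals($expected, $signature)) {
        throw new Exception('Invalid request. (Invalid signature.)');
    }

    $envelope = json_decode(base64_url_decode($encoded_envelope), true);
    $algorithm = (is_array($envelope) && isset($envelope['algorithm'])) ? $envelope['algorithm'] : null;
    if ($algorithm !== 'AES-256-CBC HMAC-SHA256' && $algorithm !== 'HMAC-SHA256') {
        throw new Exception('Invalid request. (Unsupported algorithm.)');
    }

    // A missing or non-numeric timestamp is treated as expired rather than as "now".
    if (
        !isset($envelope['issued_at'])
        || !is_numeric($envelope['issued_at'])
        || $envelope['issued_at'] < time() - $max_age
    ) {
        throw new Exception('Invalid request. (Too old.)');
    }

    // for requests that are signed, but not encrypted, we're done
    if ($algorithm === 'HMAC-SHA256') {
        return $envelope;
    }

    if (!isset($envelope['payload'], $envelope['iv'])) {
        throw new Exception('Invalid request. (Malformed.)');
    }

    // otherwise, decrypt the payload
    return json_decode(
        trim(
            mcrypt_decrypt(
                MCRYPT_RIJNDAEL_128,
                $secret,
                base64_url_decode($envelope['payload']),
                MCRYPT_MODE_CBC,
                base64_url_decode($envelope['iv'])
            )
        ),
        true
    );
}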
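/**
 * Decode a "<signature>.<payload>" signed request, verifying it when a secret is given.
 *
 * The original took no secret and never compared the signature, so the
 * returned fields were whatever the sender chose. An optional $secret is
 * accepted now: when it is supplied the HMAC-SHA256 of the payload segment must
 * match the signature (constant-time comparison) or null is returned.
 *
 * Called without $secret the function behaves as before and the result is
 * UNAUTHENTICATED: do not use it for identity or authorization decisions.
 *
 * @param string      $signed_request Signed request as received.
 * @param string|null $secret         Shared secret; null skips verification.
 * @return array|null Decoded payload; null when the request is malformed or,
 *                    with a secret, when the signature does not match.
 */
function parse_signed_request($signed_request, $secret = null)
{
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        return null;
    }

    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    if ($secret !== null) {
        $sig = base64_url_decode($encoded_sig);
        $expected_sig = hash_hmac('sha256', $payload, $secret, true);
        if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
            return null;
        }
    }

    // decode the data
    return json_decode(base64_url_decode($payload), true);
}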
/**
 * base64url-decode $data and, when a key is available, pass it through str_rot_pass().
 *
 * An explicit $key wins; otherwise the configured 'encryption_key' is used.
 * With neither, the decoded bytes are returned unchanged.
 *
 * NOTE(review): str_rot_pass() is not shown here; presumably it is a
 * passphrase-keyed rotation, which would make this obfuscation rather than
 * encryption. Confirm before relying on it for confidentiality.
 *
 * @param string       $data Encoded input.
 * @param string|false $key  Optional passphrase.
 * @return mixed Decoded (and possibly de-rotated) data.
 */
function base64_decrypt($data, $key = false)
{
    $decoded = base64_url_decode($data);

    if ($key) {
        return str_rot_pass($decoded, $key, true);
    }

    if (!Config::get('encryption_key')) {
        return $decoded;
    }

    return str_rot_pass($decoded, Config::get('encryption_key'), true);
}
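// Displayed form of the path, converted for the page title.
$show_path = '';
//file context
$value = '';
//file path code page
$path_code_page = "BIG-5";

// NOTE(review): both branches below take a filesystem path straight from the
// request (base64url-decoded `q`) and use it unchanged. The POST branch writes
// request-supplied bytes to that path and the GET branch reads it back, with no
// authentication check and no restriction to a base directory visible here.
// Any path the PHP process can reach is therefore readable and writable by
// whoever can reach this page. Before deployment this needs an access check and
// a canonicalised-path comparison (realpath() against an allowed root).
if (!empty($_POST['q']) && isset($_POST['v'])) {
    //save file
    $file_path = base64_url_decode($_POST['q']);
    $v = base64_decode($_POST['v']);
    file_put_contents($file_path, $v);
    echo '1';
    exit;
}

if (!empty($_GET['q'])) {
    //open file
    $file_path = base64_url_decode($_GET['q']);
    $show_path = getUTF8String($file_path, $path_code_page);
    if (file_exists($file_path)) {
        // $path keeps the still-encoded request value; escape it wherever it is printed.
        $path = $_GET['q'];
        $value = base64_encode(file_get_contents($file_path));
    }
}
?>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title><?php
// The title is derived from request input, so escape it for the HTML context.
echo htmlspecialchars((string) $show_path, ENT_QUOTES, 'UTF-8'); ?> </title>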
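</div>
<br>
<div id="error"style="color:red;"></div>
<div id="success" style="color:green;"></div>
<div class="form-group no-side-padding col-md-12">
<label >New Password *</label><br>
<input type="password" class="form-control" id="password" placeholder="" required="required" name="password">
</div>
<br>
<div class="form-group no-side-padding col-md-12">
<label >Confirm password *</label><br>
<input type="password" class="form-control" id="cpassword" placeholder="" required="required" name="cpassword">
</div>
<br>
<?php
// The decoded `info` parameter was echoed into the attribute unescaped, so a
// crafted link could break out of value="..." and inject markup. It is now
// escaped for the attribute context.
//
// NOTE(review): base64url is an encoding, not a secret. This form names the
// account to update through a URL parameter anyone can construct, so the
// handler that receives it must tie the reset to a server-side, single-use,
// expiring token and must not trust this hidden field on its own.
$reset_email = isset($_GET['info']) ? (string) base64_url_decode($_GET['info']) : '';
?>
<input type="hidden" name="email" id="email" value="<?php echo htmlspecialchars($reset_email, ENT_QUOTES, 'UTF-8'); ?> ">
<div class="col-md-12 no-side-padding mg-t-20">
<input type="button" name="send" value="Update Password" id="reset_password_btn" class="btn btn-warning">
<!-- <button type="submit" class="btn btn-warning" name="send" value="Update Password">Update Password</button> -->
</div>
</form>
</div>
</div>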
</div> <!--END WRAPPER--> '; } #================================== } else { if (isset($_SESSION['SAFE_LOGIN'])) { $duration = time() - (int) $_SESSION['timeout']; if ($duration >= $inactive) { unset($_SESSION['SAFE_LOGIN']); redirect(BASE_PATH . '/webroot.php', 1); } if (isset($_POST['admin_x_login'], $_POST['admin_x_pass'])) { //$rsa->loadKey($publicKey); //$rsa->decrypt(base64_url_decode($_GET['code'])) if (isset($_GET['code']) && !empty($_GET['code']) && base64_url_decode($_GET['code']) == $_SESSION['SAFE_LOGIN']) { #LOGIN $sql = "select * from user where username=:u and type=1"; $stmt = $pdo->prepare($sql); $username = escape($_POST['admin_x_login']); $password = $_POST['admin_x_pass']; $stmt->bindValue(':u', $username, PDO::PARAM_STR); $stmt->execute(); if ($stmt->rowCount()) { $user = $stmt->fetch(PDO::FETCH_OBJ); $salt = $user->salt; $encPassword = $user->password; if (checkhashSSHA($salt, $password) == $encPassword) { session_regenerate_id(true); $_SESSION['login'] = true; $_SESSION['name'] = $user->lname . ' ' . $user->fname;
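<?php
// Facebook DEAUTH page
// ISREAL CONSULTING, LLC
// Processes when a user deauthorizes our app and performs actions

// Check that we're using SSL
if (empty($_SERVER['HTTPS'])) {
    header('Location: https://www.isrealconsulting.com/app/fb/deauth.php');
    exit;
}

/**
 * Decode base64url text (the '-' and '_' alphabet) to raw bytes.
 *
 * @param string $input base64url text.
 * @return string|false Decoded bytes, as returned by base64_decode().
 */
function base64_url_decode($input)
{
    return base64_decode(strtr($input, '-_', '+/'));
}

// FB Dev
// Reject requests that carry no "<signature>.<payload>" value instead of
// running the rest of the script on undefined data.
$signed_request = isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : '';
if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
    http_response_code(400);
    exit;
}

list($encoded_sig, $payload) = explode('.', $signed_request, 2);

// decode the data
$sig = base64_url_decode($encoded_sig); // Use this to make sure the signature is correct

// NOTE(review): $sig is decoded but never compared with anything. Until it is
// checked against hash_hmac('sha256', $payload, <app secret>, true) using
// hash_equals(), $user_id below is whatever the caller sent, and any action
// taken on it can be triggered for an arbitrary user. The app secret is not
// available in this file, so the check cannot be added here without it.
$data = json_decode(base64_url_decode($payload), true);
if (!is_array($data) || !isset($data['user_id'])) {
    http_response_code(400);
    exit;
}
$user_id = $data['user_id'];

// Make a call to the API to get the user_id
// then perform actions on the specific user_id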
} elseif (preg_match("/^thumb_max\\//is", $url)) { //View anh thumb max $url_in = array("'thumb_max/([a-zA-Z0-9-_./]+),(.*)\\.(jpg|png|gif|jpeg)'"); $url_out = array("\\1.\\3 \\2"); $url_filter = preg_replace($url_in, $url_out, $url); $arr = explode(' ', $url_filter); if (count($arr) == 2) { //Kiem tra dieu kien view anh /*function base64_url_encode($input) { return strtr(base64_encode($input), '+/', '-_'); }*/ function base64_url_decode($input) { return base64_decode(strtr(str_replace('=', '', $input), '-_,', '+/')); } $title = base64_url_decode($arr[1]); EnBacImage::thumbImageWithBackground(urldecode($arr[0]), 0, 0, 0, 1, $title, 1); exit; } else { //Xem ảnh max ko phun text $url_in = array("'thumb_max/([a-zA-Z0-9-_./]+)'"); $url_out = array("\\1"); $url_filter = preg_replace($url_in, $url_out, $url); $arr = explode(' ', $url_filter); if (count($arr) == 1) { //Kiem tra dieu kien view anh EnBacImage::thumbImageWithBackground(urldecode($arr[0]), 0, 0, 0, 1); exit; } } }
// Debug scaffolding for an RSA round trip: it prints ciphertext, several
// re-encodings of it, and decryption results directly into the response.
//
// NOTE(review): this block echoes $_GET['code'] (raw and decoded) without HTML
// escaping and prints the private-key decryption of request-supplied data. If
// it is reachable on a deployed host it reflects attacker-controlled markup
// and answers decryption queries for anyone. Keep it out of production code.
echo $ciphertext = $rsa->encrypt($plaintext);
//file_put_contents('rsa.key',urlencode(base64_encode($ciphertext)));
echo "\n<br/>====BASE64_encode==========================================<br/>\n";
echo base64_url_encode($ciphertext);
//urlencode(base64_encode($ciphertext));
echo "\n<br/>====BASE64_decode==========================================<br/>\n";
// Encode/decode round trip of the ciphertext just produced.
echo base64_decode(urldecode(urlencode(base64_encode($ciphertext))));
echo "\n<br/>==============================================<br/>\n";
$rsa->loadKey($privateKey);
// private key
echo $rsa->decrypt($ciphertext);
echo "\n<br/>==============================================<br/>\n";
// Request input printed without escaping.
echo base64_decode($_GET['code']);
// Despite its name, 'rsa.key' is read here as the stored encoded ciphertext
// (see the commented-out file_put_contents above).
$code = file_get_contents('rsa.key');
echo "\n<br/>==============================================<br/>\n";
// Decrypts whatever the request supplied and prints the result.
echo $rsa->decrypt(base64_url_decode($_GET['code']));
//echo $rsa->decrypt(base64_decode(urldecode($_GET['code'])));
echo "<br/>";
echo base64_decode(urldecode($_GET['code']));
echo "<br/>";
// Loose, non-constant-time comparison of the request value with the stored one.
if (trim(urlencode($_GET['code'])) == trim($code)) {
    echo $rsa->decrypt(base64_decode(file_get_contents('rsa.key')));
} else {
    echo "<br/>NOT MATCH!";
    echo "<br/>" . $code;
    echo "\n<br/>==============================================<br/>\n";
    echo $_GET['code'];
    echo "\n<br/>==============================================<br/>\n";
    //echo $rsa->decrypt(base64_decode(urldecode($_GET['code'])));
}
echo "<br/>";
/**
 * Content filter for the Facebook plugin: handles the plugin's own
 * registration/login/logout requests, otherwise decorates post/page content
 * with the configured plugin code.
 *
 * When the query string carries a recognised `task`, the function acts on it
 * (and usually redirects and exits). Otherwise it loads the published rows of
 * the spiderfacebook_params table that apply to the current post or page and
 * inserts their `code` above, below or around $content.
 *
 * NOTE(review), security: the 'registered' and 'login' tasks split a signed
 * request on '.' and decode only the payload segment ($data[1]). The signature
 * segment is never examined, so every field read from the payload (user_id,
 * name, email, username, password) is caller-controlled. The 'login' task then
 * signs in with the credentials stored for that user_id. The signature must be
 * verified with the app secret (HMAC-SHA256 over the payload, compared with
 * hash_equals()) before either task trusts the payload.
 *
 * NOTE(review), security: passwords are written to and read back from the
 * spiderfacebook_login table as given (no hashing is applied in this function).
 *
 * @param string $content Post or page content.
 * @return string Content with plugin code added, or '' after logout/registration output.
 */
function spider_facebook_front_end_short($content)
{
    global $wpdb;
    global $xxx;
    global $post;
    // ---- registration page
    //if(isset($_GET['task']) && isset($_GET['type']) && isset($_GET['appid']) && isset($_GET['g_red']) && ($_GET['task']=='registered' || $_GET['task']=='registration'))
    if (isset($_GET['task']) && (isset($_GET['fbid']) || isset($_GET['g_red']) || isset($_GET['res']) || isset($_GET['logout_red'])) && ($_GET['task'] == 'login' || $_GET['task'] == 'registered' || $_GET['task'] == 'registration' || $_GET['task'] == 'loginwith' || $_GET['task'] == 'logout')) {
        // These three are escaped for attribute context; `type` and `appid` are read
        // without an isset() check.
        $task = esc_attr($_GET['task']);
        $type = esc_attr($_GET['type']);
        $appid = esc_attr($_GET['appid']);
        if (isset($_GET['fb_only'])) {
            $fb_only = esc_attr($_GET['fb_only']);
        } else {
            $fb_only = '';
        }
        // The redirect values below are taken from the query string unescaped.
        $reg_red = $_GET['g_red'];
        if (isset($_GET['log_red'])) {
            $log_red = $_GET['log_red'];
        } else {
            $log_red = '';
        }
        if (isset($_GET['logout_red'])) {
            $logout_red = $_GET['logout_red'];
        } else {
            $logout_red = '';
        }
        // '@@@' stands in for '&' inside URLs passed as parameters.
        $log_red = str_replace('@@@', '&', $log_red);
        $logout_red = str_replace('@@@', '&', $logout_red);
        switch ($task) {
            case 'logout':
                // NOTE(review): logout is triggered by a plain GET with no nonce, so a
                // third-party page can log a visitor out.
                wp_logout();
                wp_redirect(get_permalink());
                return '';
                break;
            case 'registration':
                // Build the URL Facebook should send the visitor back to, then emit the
                // registration iframe for the requested form type.
                if (strpos(get_permalink(), '?')) {
                    $a = get_permalink() . '&task=registered&type=' . $type . '&g_red=' . $reg_red;
                } else {
                    $a = get_permalink() . '?task=registered&type=' . $type . '&g_red=' . $reg_red;
                }
                $encodedurl = urlencode($a);
                switch ($type) {
                    case 'auto':
                        ?>
<iframe src="https://www.facebook.com/plugins/registration?
client_id=<?php echo $appid; ?> &
redirect_uri=<?php echo $encodedurl; ?> &
fields=[
{'name':'name'},
{'name':'first_name'},
{'name':'last_name'},
{'name':'email'},
{'name':'gender'},
{'name':'birthday'},
]
"
scrolling="auto"
frameborder="no"
style="border:none"
allowTransparency="true"
width="100%"
height="800">
</iframe>
<?php
                        break;
                    case 'password':
                        ?>
<iframe src="https://www.facebook.com/plugins/registration?
client_id=<?php echo $appid; ?> &
redirect_uri=<?php echo $encodedurl; ?> &
fields=[
{'name':'name'},
{'name':'first_name'},
{'name':'last_name'},
{'name':'email'},
{'name':'gender'},
{'name':'birthday'},
{'name':'username','description':'Username','type':'text'},
{'name':'password','description':'Password'},
]
"
scrolling="auto"
frameborder="no"
style="border:none"
allowTransparency="true"
width="100%"
height="1000">
</iframe>
<?php
                        break;
                    case 'captcha':
                        ?>
<iframe src="https://www.facebook.com/plugins/registration?
client_id=<?php echo $appid; ?> &
redirect_uri=<?php echo $encodedurl; ?> &
fields=[
{'name':'name'},
{'name':'first_name'},
{'name':'last_name'},
{'name':'email'},
{'name':'gender'},
{'name':'birthday'},
{'name':'username','description':'Username','type':'text'},
{'name':'password','description':'Password'},
{'name':'captcha'}
]
"
scrolling="auto"
frameborder="no"
style="border:none"
allowTransparency="true"
width="100%"
height="1000">
</iframe>
<?php
                        break;
                }
                return '';
                break;
            case 'registered':
                // Here `type` is re-read from the query string without esc_attr().
                $type = $_GET['type'];
                $reg_red = $_GET['g_red'];
                $reg_red = str_replace('@@@', '&', $reg_red);
                // NOTE(review): only the payload segment is decoded; the signature in
                // $data[0] is never checked, so $params is unauthenticated input.
                $signed_request = $_POST['signed_request'];
                $data = explode('.', $signed_request);
                $params = json_decode(base64_url_decode($data[1]), true);
                switch ($type) {
                    // ---- 'auto': account named after the Facebook name, generated password
                    case 'auto':
                        $user_id = $params['user_id'];
                        $username = $params['registration']['name'];
                        $password = wp_generate_password(10);
                        $data = array();
                        // array for all user settings
                        $data['first_name'] = $params['registration']['first_name'];
                        // add first- and lastname
                        $data['last_name'] = $params['registration']['last_name'];
                        $data['name'] = $params['registration']['name'];
                        // add first- and lastname
                        $data['username'] = $params['registration']['name'];
                        // add username
                        $data['email'] = $params['registration']['email'];
                        // add email
                        /* no need to add the usertype, it will be generated automaticaly from the gid */
                        $data['password'] = $password;
                        // set the password
                        $data['sendEmail'] = 1;
                        // should the user receive system mails?
                        /* Now we can decide, if the user will need an activation */
                        // 'user_pass' appears twice in this literal; the later entry is the one kept.
                        $userdata = array('user_login' => $data['username'], 'user_pass' => $data['password'], 'user_email' => $data['email'], 'nickname' => $data['first_name'] . $data['last_name'], 'first_name' => $data['first_name'], 'last_name' => $data['last_name'], 'user_pass' => $data['password']);
                        // The return value of wp_insert_user() is not checked.
                        wp_insert_user($userdata);
                        global $wpdb;
                        if ($user_id != "") {
                            $query0 = $wpdb->prepare("DELETE FROM `" . $wpdb->prefix . "spiderfacebook_login` WHERE user_id=%s", $user_id);
                            $wpdb->query($query0);
                            // NOTE(review): the password is stored as given so the 'login' task can replay it.
                            $wpdb->insert($wpdb->prefix . "spiderfacebook_login", array('user_id' => $user_id, 'username' => $username, 'password' => $password), array('%s', '%s', '%s'));
                        }
                        $creds['user_login'] = $username;
                        $creds['user_password'] = $password;
                        $creds['remember'] = true;
                        $userr = wp_signon($creds, false);
                        if (is_wp_error($userr)) {
                            echo $userr->get_error_message();
                        }
                        wp_redirect(get_permalink());
                        exit;
                        break;
                    // ---- 'password' / 'captcha': username and password come from the payload
                    case 'password':
                    case 'captcha':
                        $user_id = $params['user_id'];
                        $username = $params['registration']['username'];
                        $password = $params['registration']['password'];
                        $data = array();
                        // array for all user settings
                        $data['first_name'] = $params['registration']['first_name'];
                        // add first- and lastname
                        $data['last_name'] = $params['registration']['last_name'];
                        // add first- and lastname
                        $data['username'] = $username;
                        // add username
                        $data['email'] = $params['registration']['email'];
                        // add email
                        //$data['gid'] = $acl->get_group_id( '', $usertype, 'ARO' ); // generate the gid from the usertype
                        /* no need to add the usertype, it will be generated automaticaly from the gid */
                        $data['password'] = $password;
                        // set the password
                        $data['password2'] = $password;
                        // confirm the password
                        $data['sendEmail'] = 1;
                        // should the user receive system mails?
                        // 'user_pass' appears twice in this literal; the later entry is the one kept.
                        $userdata = array('user_login' => $data['username'], 'user_pass' => $data['password'], 'user_email' => $data['email'], 'nickname' => $data['first_name'] . $data['last_name'], 'first_name' => $data['first_name'], 'last_name' => $data['last_name'], 'user_pass' => $data['password2']);
                        wp_insert_user($userdata);
                        global $wpdb;
                        if ($user_id != "") {
                            $query0 = $wpdb->prepare("DELETE FROM `" . $wpdb->prefix . "spiderfacebook_login` WHERE user_id=%s", $user_id);
                            $wpdb->query($query0);
                            // NOTE(review): the user-chosen password is stored as given.
                            $wpdb->insert($wpdb->prefix . "spiderfacebook_login", array('user_id' => $user_id, 'username' => $username, 'password' => $password), array('%s', '%s', '%s'));
                        }
                        $creds['user_login'] = $username;
                        $creds['user_password'] = $password;
                        $creds['remember'] = true;
                        $userr = wp_signon($creds, false);
                        if (is_wp_error($userr)) {
                            echo $userr->get_error_message();
                        }
                        wp_redirect(get_permalink());
                        exit;
                        break;
                }
                break;
            case 'login':
                // NOTE(review): `res` is read from the query string and only its payload
                // segment is decoded. With no signature check, the user_id used for the
                // lookup below is caller-supplied, and the stored credentials for that id
                // are then used to sign in.
                $res = $_GET['res'];
                $data = explode('.', $res);
                //print_r(json_decode(base64_url_decode($data[1]), true));
                $user = json_decode(base64_url_decode($data[1]), true);
                $login_user_id = $user['user_id'];
                //print_r($login_user_id);
                global $wpdb;
                $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "spiderfacebook_login\n\t\tWHERE user_id=%s", $login_user_id);
                // $result is not checked for "no row" before its properties are read.
                $result = $wpdb->get_row($query);
                $creds['user_login'] = $result->username;
                $creds['user_password'] = $result->password;
                $userr = wp_signon($creds, false);
                if (is_wp_error($userr)) {
                    echo $userr->get_error_message();
                }
                wp_redirect(get_permalink());
                exit;
        }
    }
    // ---- normal post or page
    $url = get_permalink();
    // $query is only assigned for posts and pages; for any other case it is
    // undefined when get_results() runs below.
    if ($post->post_type == 'post') {
        $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "spiderfacebook_params WHERE (articles LIKE '%%***%d***%%' OR articles='all') AND `published`=1 ", $post->ID);
    }
    if (is_page()) {
        $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "spiderfacebook_params WHERE (items LIKE '%%***%d***%%' OR items='all') AND `published`=1 ", $post->ID);
    }
    $params = $wpdb->get_results($query);
    // Random token substituted for 'temp_id' in the stored code further down.
    $login_id = wp_generate_password(10);
    if (!count($params)) {
        return $content;
    }
    foreach ($params as $param) {
        $reglog = get_permalink();
        if (is_user_logged_in() && $param->type == 'register') {
            if (strpos(get_permalink(), '?')) {
                $url_logen = get_permalink() . '&';
            } else {
                $url_logen = get_permalink() . '?';
            }
            if ($param->fb_only == 1) {
                $login = '******' . $login_id . '").setAttribute("style","display:none"); function logout(){ window.location="' . $url_logen . 'task=logout&logout_red=' . $reglog . '"; } </script> <input type="button" class="button" value="Log out" onclick="logout()"/> ';
            } else {
                $login = '******' . $login_id . '").setAttribute("style","display:none"); </script> ';
            }
        } else {
            $login = "";
        }
        $url = get_permalink();
        $lang = get_bloginfo('language', 'en-US');
        if (strpos($url, '?')) {
            $url_conect_with = $url . '&';
        } else {
            $url_conect_with = $url . '?';
        }
        // Fill the placeholders in the stored code. The result is concatenated into
        // $content as-is, so the stored `code` column is trusted markup.
        $reglog = str_replace('&', '@@@', $url);
        $param->code = str_replace('autoLOGREDauto', $reglog, $param->code);
        $param->code = str_replace('autoREGREDauto', $reglog, $param->code);
        $param->code = str_replace('get_registration_for_faceebok_page_or_post', $url_conect_with, $param->code);
        if ($param->render == '3' || $param->render == '4') {
            $encode = urlencode($url);
        } else {
            $encode = $url;
        }
        $param->code = str_replace('autoSITEURLauto', $encode, $param->code);
        $param->code = str_replace('get_registration_for_faceebok_page_or_post', $url_conect_with, $param->code);
        $param->code = str_replace('autoLANGauto', $lang, $param->code);
        $param->code = str_replace('temp_id', $login_id, $param->code);
        // Pages and posts keep their placement in different columns.
        if (is_page()) {
            $swich_my = $param->item_place;
        } else {
            $swich_my = $param->place;
        }
        switch ($swich_my) {
            case "bottom":
                $content = $content . $param->code . $login;
                break;
            case "top":
                // The global $xxx flag adds one line break after the first top insertion only.
                if ($xxx == 1) {
                    $content = $param->code . '</br>' . $content . $login;
                    $xxx = 0;
                } else {
                    $content = $param->code . $content . $login;
                }
                break;
            case "both":
                if ($xxx == 1) {
                    $content = $param->code . '</br>' . $content . $param->code . $login;
                    $xxx = 0;
                } else {
                    $content = $param->code . $content . $param->code . $login;
                }
                break;
        }
    }
    return $content;
}
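/**
 * Encode or decode a string with the keyed, expiring "authcode" scheme.
 *
 * ENCODE prefixes the plaintext with a 10-digit expiry timestamp and a 16-hex
 * check value, runs it through an RC4-style keystream and returns
 * "<4-char nonce><base64url ciphertext>". DECODE reverses this and returns ''
 * unless the check value matches and the token has not expired.
 *
 * Fix: the check value and expiry used loose `==`. Two hex strings that both
 * look like numbers (for example "0e" followed by digits) compare equal under
 * `==`, so a forged check value could be accepted. The check value is now
 * compared with hash_equals() and the expiry field must be all digits.
 *
 * NOTE(review): the construction itself (MD5-derived keys, RC4-style stream,
 * truncated MD5 as the integrity check) is kept for compatibility with existing
 * tokens; it is not a modern authenticated-encryption scheme.
 *
 * @param string $string    Plaintext (ENCODE) or token (DECODE).
 * @param string $operation 'DECODE' to decode; any other value encodes.
 * @param string $key       Key; when empty, C('AUTH_KEY') is used.
 * @param int    $expiry    Lifetime in seconds for ENCODE; 0 means no expiry.
 * @return string Token on ENCODE; plaintext on DECODE, or '' when invalid or expired.
 */
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0)
{
    $ckey_length = 4;
    $key = md5($key ? $key : C('AUTH_KEY'));
    $keya = md5(substr($key, 0, 16));
    $keyb = md5(substr($key, 16, 16));
    // Per-token nonce: read from the token when decoding, freshly derived when encoding.
    $keyc = $ckey_length
        ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length) : substr(md5(microtime()), -$ckey_length))
        : '';
    $cryptkey = $keya . md5($keya . $keyc);
    $key_length = strlen($cryptkey);

    $string = $operation == 'DECODE'
        ? (string) base64_url_decode(substr($string, $ckey_length))
        : sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $keyb), 0, 16) . $string;
    $string_length = strlen($string);

    $result = '';
    $box = range(0, 255);
    $rndkey = array();
    for ($i = 0; $i <= 255; $i++) {
        $rndkey[$i] = ord($cryptkey[$i % $key_length]);
    }
    // Key scheduling.
    for ($j = $i = 0; $i < 256; $i++) {
        $j = ($j + $box[$i] + $rndkey[$i]) % 256;
        $tmp = $box[$i];
        $box[$i] = $box[$j];
        $box[$j] = $tmp;
    }
    // Keystream generation and XOR.
    for ($a = $j = $i = 0; $i < $string_length; $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $box[$a]) % 256;
        $tmp = $box[$a];
        $box[$a] = $box[$j];
        $box[$j] = $tmp;
        $result .= chr(ord($string[$i]) ^ $box[($box[$a] + $box[$j]) % 256]);
    }

    if ($operation == 'DECODE') {
        $expires_field = (string) substr($result, 0, 10);
        $check_value = (string) substr($result, 10, 16);
        $body = (string) substr($result, 26);

        // Only a purely numeric expiry field is meaningful; anything else is a bad token.
        $not_expired = ctype_digit($expires_field)
            && ((int) $expires_field === 0 || (int) $expires_field - time() > 0);
        $expected_check = substr(md5($body . $keyb), 0, 16);

        if ($not_expired && hash_equals($expected_check, $check_value)) {
            return $body;
        }
        return '';
    }

    return $keyc . base64_url_encode($result);
}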
/**
 * Decode a URL value and, when a key is available, pass it through str_rot_pass().
 *
 * With 'url_mode' configured the value is base64url-decoded, otherwise it is
 * rawurldecode()d. An explicit $key wins over the configured 'encryption_key';
 * with neither, the decoded value is returned unchanged.
 *
 * NOTE(review): the result originates from a request URL. str_rot_pass() is not
 * shown here and presumably obfuscates rather than authenticates, so validate
 * the returned value before using it as a path, redirect target or query part.
 *
 * @param string       $url Encoded URL value.
 * @param string|false $key Optional passphrase.
 * @return mixed Decoded (and possibly de-rotated) value.
 */
function url_decrypt($url, $key = false)
{
    if (Config::get('url_mode')) {
        $decoded = base64_url_decode($url);
    } else {
        $decoded = rawurldecode($url);
    }

    if ($key) {
        return str_rot_pass($decoded, $key, true);
    }

    if (!Config::get('encryption_key')) {
        return $decoded;
    }

    return str_rot_pass($decoded, Config::get('encryption_key'), true);
}
<!DOCTYPE html>
<!--[if IE 9 ]><html class="ie9"><![endif]-->
<?php
// Page prologue: load the session helpers, run the login check and read the
// optional `people` parameter.
//
// NOTE(review): the doctype above is sent before session.php is loaded and
// check_login() runs. If either needs to send headers (session cookie,
// redirect to a login page), that can no longer work unless output buffering
// is on. Confirm, and consider moving this block above any markup.
$root = "/venues";
require_once realpath($_SERVER["DOCUMENT_ROOT"]) . "/venues/session.php";
$uid = check_login($conn, 600, 'Biscuit');
// md5 for venues_search_people
// NOTE(review): hard-coded in the page source; if it is meant to act as a
// secret it should come from configuration instead.
$key = '371555a819ed7a48f8c117e4cf6832a3';
if (isset($_GET['people'])) {
    $people = $_GET['people'];
    // base64url is an encoding only: $people is still request input and must be
    // escaped or parameterised wherever it is used later.
    $people = base64_url_decode($people);
} else {
    $people = null;
}
?>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0" />
<meta name="format-detection" content="telephone=no">
<meta charset="UTF-8">
<title>Αρχική Σελίδα</title>
<!-- CSS -->
<link href="<?php echo "{$root}/"; ?> css/bootstrap.min.css" rel="stylesheet">
<link href="<?php echo "{$root}/"; ?>
/**
 * Weibo OAuth entry point and callback: binds a Weibo account to the current
 * user, logs in an already-bound user, or starts registration.
 *
 * Without a `code` parameter the visitor is redirected to the provider's
 * authorization URL. With a `code`, the authorization code is exchanged
 * (unless it matches the one cached in the session), and then:
 *  - logged-in user: the Weibo account is bound to that user;
 *  - known Weibo account: the local user is logged in and redirected;
 *  - unknown Weibo account: the registration form is shown, if registration is open.
 *
 * NOTE(review), security: `state` is only decoded and read; it is never
 * compared with a value stored in the session, so the callback does not
 * confirm that this browser started the flow (login/bind CSRF).
 *
 * NOTE(review), security: when ucenter is disabled, `return_url` taken from the
 * decoded `state` is used directly as the redirect target. Restrict it to
 * same-site paths before redirecting.
 */
public function bind_action()
{
    // Pick up Weibo user info cached by a previous step, then clear it.
    if (AWS_APP::session()->weibo_user) {
        $weibo_user_info = AWS_APP::session()->weibo_user;
        unset(AWS_APP::session()->weibo_user);
    }
    // The provider reports a refused authorization through `error`.
    if ($_GET['error'] == 'access_denied') {
        H::redirect_msg(AWS_APP::lang()->_t('授权失败'), '/account/login/');
    }
    // A logged-in user who already has a Weibo binding cannot bind again.
    if ($this->user_id) {
        $weibo_user = $this->model('openid_weibo_oauth')->get_weibo_user_by_uid($this->user_id);
        if ($weibo_user) {
            H::redirect_msg(AWS_APP::lang()->_t('此账号已绑定微博账号'), '/account/login/');
        }
    }
    $callback_url = '/account/openid/weibo/bind/';
    // Request-supplied return_url is appended to the callback path unchanged.
    if ($_GET['return_url']) {
        $callback_url .= 'return_url-' . $_GET['return_url'];
    }
    if ($_GET['code']) {
        // Exchange the code unless it is the one already cached with the session info.
        // $weibo_user_info is undefined here when the session held no cached user.
        if ($_GET['code'] != $weibo_user_info['authorization_code']) {
            $this->model('openid_weibo_oauth')->authorization_code = $_GET['code'];
            $this->model('openid_weibo_oauth')->redirect_url = $callback_url;
            if (!$this->model('openid_weibo_oauth')->oauth2_login()) {
                H::redirect_msg($this->model('openid_weibo_oauth')->error_msg, '/account/login/');
            }
            $weibo_user_info = $this->model('openid_weibo_oauth')->user_info;
        }
        if (!$weibo_user_info) {
            H::redirect_msg(AWS_APP::lang()->_t('微博登录失败,用户信息不存在'), '/account/login/');
        }
        $weibo_user = $this->model('openid_weibo_oauth')->get_weibo_user_by_id($weibo_user_info['id']);
        if ($this->user_id) {
            // Logged-in user: bind, unless this Weibo account belongs to someone already.
            if ($weibo_user) {
                H::redirect_msg(AWS_APP::lang()->_t('此微博账号已被绑定'), '/account/login/');
            }
            $this->model('openid_weibo_oauth')->bind_account($weibo_user_info, $this->user_id);
            // Award the binding bonus once per user.
            if (!$this->model('integral')->fetch_log($this->user_id, 'BIND_OPENID')) {
                $this->model('integral')->process($this->user_id, 'BIND_OPENID', round(get_setting('integral_system_config_profile') * 0.2), '绑定 OPEN ID');
            }
            HTTP::redirect('/account/setting/openid/');
        } else {
            if ($weibo_user) {
                // Known Weibo account: log the matching local user in.
                $user = $this->model('account')->get_user_info_by_uid($weibo_user['uid']);
                if (!$user) {
                    // Stale binding: the local account is gone, so drop the binding.
                    $this->model('openid_weibo_oauth')->unbind_account($weibo_user['uid']);
                    H::redirect_msg(AWS_APP::lang()->_t('本地用户不存在'), '/account/login/');
                }
                $this->model('openid_weibo_oauth')->update_user_info($weibo_user['id'], $weibo_user_info);
                if (get_setting('register_valid_type') == 'approval' and $user['group_id'] == 3) {
                    $redirect_url = '/account/valid_approval/';
                } else {
                    // $state stays undefined when no `state` parameter was sent.
                    // Presumably this project's base64_url_decode() returns an array here,
                    // since it is indexed by 'return_url' below; confirm against the helper.
                    if ($_GET['state']) {
                        $state = base64_url_decode($_GET['state']);
                    }
                    if (get_setting('ucenter_enabled') == 'Y') {
                        $redirect_url = '/account/sync_login/';
                        if ($state['return_url']) {
                            $redirect_url .= 'url-' . base64_encode($state['return_url']);
                        }
                    } else {
                        // NOTE(review): request-derived value used as the redirect target.
                        if ($state['return_url']) {
                            $redirect_url = $state['return_url'];
                        } else {
                            $redirect_url = '/';
                        }
                    }
                    HTTP::set_cookie('_user_login', get_login_cookie_hash($user['user_name'], $user['password'], $user['salt'], $user['uid'], false));
                    if (get_setting('register_valid_type') == 'email' and !$user['valid_email']) {
                        AWS_APP::session()->valid_email = $user['email'];
                    }
                }
                HTTP::redirect($redirect_url);
            } else {
                // Unknown Weibo account: offer registration if the site allows it.
                switch (get_setting('register_type')) {
                    case 'close':
                        H::redirect_msg(AWS_APP::lang()->_t('本站目前关闭注册'), '/account/login/');
                        break;
                    case 'invite':
                        H::redirect_msg(AWS_APP::lang()->_t('本站只能通过邀请注册'), '/account/login/');
                        break;
                    case 'weixin':
                        H::redirect_msg(AWS_APP::lang()->_t('本站只能通过微信注册'), '/account/login/');
                        break;
                }
                // Cache the provider profile for the registration step.
                AWS_APP::session()->weibo_user = $weibo_user_info;
                $this->crumb(AWS_APP::lang()->_t('完善资料'), '/account/login/');
                TPL::assign('register_url', 'account/ajax/weibo/register/');
                // Suggest a user name: the screen name without '-', or a random one
                // until it is free, valid and not on the sensitive-word list.
                $user_name = str_replace('-', '', AWS_APP::session()->weibo_user['screen_name']);
                while ($this->model('account')->check_username($user_name) || !$this->model('account')->is_valid_username($user_name) || $this->model('account')->check_username_sensitive_words($user_name)) {
                    $user_name = $this->model('account')->random_username();
                }
                TPL::assign('user_name', $user_name);
                TPL::assign('sns_type', 'weibo');
                TPL::import_css('css/register.css');
                TPL::output('account/openid/callback');
            }
        }
    } else {
        // No code yet: start the flow. `state` carries only the return URL and
        // no per-session random value.
        $state = $_GET['return_url'] ? base64_url_encode(array('return_url' => base64_decode($_GET['return_url']))) : null;
        HTTP::redirect($this->model('openid_weibo_oauth')->get_redirect_url('/account/openid/weibo/bind/', $state));
    }
}
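<?php
/**
 * Decode base64url text (the '-' and '_' alphabet) to raw bytes.
 *
 * @param string $input base64url text.
 * @return string|false Decoded bytes, as returned by base64_decode().
 */
function base64_url_decode($input)
{
    return base64_decode(strtr($input, '-_', '+/'));
}

// Test vectors: one "<name> <input> <expected output>" per line; blank lines
// and lines starting with '#' are skipped.
$raw = file_get_contents('tests.txt');
if ($raw === false) {
    // A missing fixture used to produce zero iterations and therefore a silent
    // "pass"; report it as a failure instead.
    print "php: cannot read tests.txt\n";
    exit(1);
}

foreach (explode("\n", $raw) as $test) {
    if (!$test || $test[0] == '#') {
        continue;
    }

    $fields = explode(' ', $test);
    if (count($fields) < 3) {
        print 'php: malformed test line: ' . $test . "\n";
        continue;
    }
    list($name, $input, $output) = $fields;

    $data = base64_url_decode($input);
    if ($data !== $output) {
        print 'php: ' . $name . ' failed. ' . $data . ' != ' . $output . "\n";
    }
}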