if (!empty($_POST['username']) && $_POST['username'] != 'username') {
$username_form = mysql_real_escape_string($_POST['username']);
} else {
$error['username'] = "******";
}
if (!empty($_POST['password']) && $_POST['password'] != '********') {
$password = get_pass($_POST['password']);
} else {
$error['password'] = "******";
}
// No errors? All arrranged? Bring back the userdata at $arrUser if that guy exists
if (empty($error)) {
/* START OLD PASSWORD PATCH */
require_once $_SERVER['DOCUMENT_ROOT'] . '/admin/isOldUser.php';
// The faulty strtohex function in use... So that it produces the results of 1.0
$oldPassword = strtohex(hash_hmac('sha256', $_POST['password'], 'c#haRl891', true));
if ($arrUser = isOldUser($username_form, $oldPassword, $dbConn)) {
// Update the table with the new password
$idUser = $arrUser['idUser'];
// turn 0 the oldPass & update the new pass
$query = "UPDATE users SET pass = '******', oldPass='******' WHERE idUser = '******'";
$result = mysql_query($query, $dbConn);
}
/* END OLD PASWORD PATCH */
// Mount the user array (or false)
if ($arrUser = isUser($username_form, $password, $dbConn)) {
if (empty($error)) {
// $error means user is in limbo (Panda check this. Could it be from other reasons?)
// and update last seen users (date_modify)
$d = date("Y-m-d H:i:s");
$query = "UPDATE users SET date_modified = '{$d}' WHERE idUser = {$arrUser['idUser']}";
<?php
function strtohex($x)
{
$s = '';
foreach (str_split($x) as $c) {
$s .= sprintf("%02X", ord($c));
}
return $s;
}
$AES_PADDING_CHAR = '0';
$source = '{"apid":"b8:09:8a:c9:92:c1","version":"NBOS-1.0.3.1507","checksum":"4072f042c0ccb83181bd24a6149553ef","files":[{"checksum":"aec2c358a81be33852eb013ee8ece06d","timestamp":1453689516,"filename":"/etc/hosts"},{"checksum":"d41d8cd98f00b204e9800998ecf8427e","timestamp":1453689607,"filename":"/etc/kisslink"}]}';
$source = "{\"result\":\"nothingtodo\"}";
$source = "{\"result\":\"apupdate\",\"files\":[{\"/etc/kisslink\":\"c3NzMjIyMnNzcwo=\"}]}";
$iv = str_repeat($AES_PADDING_CHAR, 16);
$key = 'kisslinkkisslink';
$method = 'aes-128-cbc';
echo "iv in hex: " . strtohex($iv) . "\n";
echo "key in hex: " . strtohex($key) . "\n";
$out = "out.txt";
$content = openssl_encrypt($source, $method, $key, true, $iv);
echo "source:" . $source . "\n";
echo "encrypted:" . strtohex($content) . "\n";
file_put_contents($out, $content);
$exec = "openssl enc -" . $method . " -d -in out.txt -nosalt -nopad -K " . strtohex($key) . " -iv " . strtohex($iv);
echo $exec . "\n";
echo "decrypted:";
echo exec($exec) . "\n";
unlink($out);
function filters()
{
$user = $_SESSION['sUser'];
$mode = mysql_real_escape_string($_REQUEST['mode']);
switch ($mode) {
case "query":
$query = "SELECT type, UNHEX(name) AS name, alias, filter, UNHEX(notes) as notes, age, global, username\n FROM filters \n ORDER BY global,name ASC";
$result = mysql_query($query);
$rows = array();
while ($row = mysql_fetch_assoc($result)) {
$rows[] = $row;
}
$theJSON = json_encode($rows);
break;
case "update":
$data = hextostr($_REQUEST['data']);
list($type, $alias, $name, $notes, $filter) = explode("||", $data);
$name = strtohex($name);
$notes = strtohex($notes);
$remove = array("DELETE", "UPDATE", "INSERT", "SELECT", "CONCAT", "REVERSE", "REPLACE", "RLIKE", "SUBSTR", "SUBSTRING");
$filter = str_ireplace($remove, "", $filter);
$filter = strtohex($filter);
$query = "INSERT INTO filters (type,name,alias,username,filter,notes)\n VALUES ('{$type}','{$name}','{$alias}','{$user}','{$filter}','{$notes}')\n ON DUPLICATE KEY UPDATE \n type='{$type}',name='{$name}',alias='{$alias}',filter='{$filter}',notes='{$notes}'";
mysql_query($query);
$result = mysql_error();
$return = array("msg" => $result);
$theJSON = json_encode($return);
break;
case "remove":
$alias = mysql_real_escape_string($_REQUEST['data']);
$query = "DELETE FROM filters WHERE username = '******' AND (alias = '{$alias}' AND global = 0)";
mysql_query($query);
$result = mysql_error();
$return = array("msg" => $result);
$theJSON = json_encode($return);
break;
}
echo $theJSON;
}
}
return $hex;
}
function exit_message($code, $msg)
{
error_log($msg);
exit($code);
}
if ('cli' !== php_sapi_name() || 4 !== count($argv)) {
exit_message(1, './exp-o-decrypt.php <PASSWORD> <IV> <PRIVATE-KEY-FILE>' . PHP_EOL);
}
if (empty($argv[1]) || empty($argv[2]) || !file_exists($argv[3])) {
exit_message(2, 'Invalid parameters.' . PHP_EOL);
}
# Base64 encoded password from the "X-Password" header
$password64 = $argv[1];
# Initialization Vector
$iv = $argv[2];
# Private key file
$private_key = file_get_contents($argv[3]);
$enc_password = base64_decode($password64);
if (false === $enc_password) {
exit_message(3, 'Invalid password. It has to be base64 encoded.' . PHP_EOL);
}
$decryption = openssl_private_decrypt($enc_password, $decrypted, $private_key);
if (false === $decryption) {
exit_message(4, 'Decryption failed.' . PHP_EOL);
}
# Removed "-nopad"
printf("openssl enc -aes-128-cbc -d -nosalt -K %s -iv %s -in " . PHP_EOL, strtohex($decrypted), strtohex($iv));
} else {
$portactres[$pdport] = 'Fail';
}
}
}
// Для 3028G/3200-28 подписываем дополнительно порты 25(F), 26(F), 27(F) и 28(F)
if ($ModelType == 'DES-3028G' || $ModelType == 'DES-3200-28') {
for ($mm = 25; $mm < 29; $mm++) {
$pdport = $mm . '(F)';
$actres = 0;
if (isset($_REQUEST['pd' . $pdport])) {
${'pd' . $pdport} = $_REQUEST['pd' . $pdport];
} else {
${'pd' . $pdport} = "";
}
$pdportval[$mm] = strtohex(${'pd' . $pdport});
$actres = @snmpset($ip, $wcomm, ".1.3.6.1.4.1.171.11." . $p_oid[$ModelType] . ".2.2.2.1.6." . $mm . ".101", "x", $pdportval[$mm], $timeout, $retries);
if ($actres == 1) {
$portactres[$pdport] = 'OK';
} else {
$portactres[$pdport] = 'Fail';
}
}
}
// Сохранение результатов подписи портов для DES-3028, 3028, 3026, 3200-28
if ($ModelType == 'DES-3028' || $ModelType == 'DES-3028G' || $ModelType == 'DES-3026' || $ModelType == 'DES-3028P' || $ModelType == 'DES-3200-28') {
if (@snmpset($ip, $wcomm, ".1.3.6.1.4.1.171.12.1.2.6.0", "i", "5", $timeout * 100, 0) != false) {
$saveres = "<font color=#00ff00>Конфигурация успешно сохранена!</font>";
} else {
$saveres = "<font color=#ff0000>Ошибка сохранения конфигурации!</font>";
}
$dot1qVlanStaticUntaggedPorts = @snmpwalkoid($ip, $rcomm, ".1.3.6.1.2.1.17.7.1.4.3.1.4", $timeout, $retries);
// Оставляем в ключе массива только нужную информацию
$dot1qTpVlanStaticName = keyscut($dot1qTpVlanStaticName);
// Оставляем в ключе массива только нужную информацию
$dot1qVlanStaticUntaggedPorts = keyscut($dot1qVlanStaticUntaggedPorts);
// Заполняем массив с vlan'ами пустотой, иначе array_splice глючит безбожно
$untag_vlan = array_fill(0, $uniqueportscount[$ModelType], '');
for ($t = 0; $t < count($dot1qTpVlanStaticName); $t++) {
$vlan_name = $dot1qTpVlanStaticName[key($dot1qTpVlanStaticName)];
$vlan_name = str_ireplace('"', "", $vlan_name);
$vid = key($dot1qTpVlanStaticName);
$uports = $dot1qVlanStaticUntaggedPorts[$vid];
$uports = stripstr($uports);
// Чит для 3526, когда вместо hex-строки возвращается string
if (strlen($uports) == 4) {
$uports = strtohex($uports);
}
$uports = decbin(hexdec($uports));
while (strlen($uports) < 32) {
$uports = "0" . $uports;
}
for ($tt = 1; $tt < $uniqueportscount[$ModelType] + 1; $tt++) {
if ($uports[$tt - 1] == 1) {
$untag_vlan[$tt - 1] = $vlan_name . ': ' . $vid;
}
}
next($dot1qTpVlanStaticName);
}
if ($ModelType == 'DES-3028' || $ModelType == 'DES-3028P') {
array_splice($untag_vlan, 25, 0, 'n\\a');
array_splice($untag_vlan, 27, 0, 'n\\a');