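/**
 * Creates and persists a fresh nonce bound to a member.
 *
 * The stored nonce string is the member id, the member hash, a timestamp
 * (time() + 60) and a random suffix; the same timestamp is passed to setDate().
 *
 * @param \Member $member Member the nonce is issued to.
 * @return Nonce The saved nonce.
 */
public static function create(\Member $member)
{
    $nonce = new Nonce();
    // Sixty seconds from now; it is both embedded in the nonce and stored via
    // setDate(). NOTE(review): presumably an expiry — confirm with the reader of getDate().
    $stamp = time() + 60;
    // uniqid() is clock-derived and predictable, so the suffix now comes from a
    // CSPRNG. It is 32 hex chars rather than uniqid()'s 13;
    // NOTE(review): confirm the nonce column is wide enough for the longer value.
    $suffix = bin2hex(random_bytes(16));
    $nonce->setNonce($member->getId() . $member->getHash() . $stamp . $suffix)
        ->setMember($member)
        ->setDate($stamp)
        ->save();

    return $nonce;
}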
/**
 * Looks up an OAuth nonce for a consumer/timestamp pair, recording it when unseen.
 *
 * @param object     $consumer  Consumer whose ->key identifies the row.
 * @param mixed      $token     Unused; kept for the caller's signature.
 * @param string     $nonce     Nonce value presented by the client.
 * @param int|string $timestamp Request timestamp, normalised with common_sql_date().
 * @return bool true when the nonce was already recorded (a replay), false when
 *              it was new and has now been inserted.
 */
function lookup_nonce($consumer, $token, $nonce, $timestamp)
{
    $record = new Nonce();
    $record->consumer_key = $consumer->key;
    $record->ts = common_sql_date($timestamp);
    $record->nonce = $nonce;

    // Already stored for this consumer/timestamp: the request is a replay.
    if ($record->find(true)) {
        return true;
    }

    // First sighting: persist it so an identical later request is rejected.
    $record->created = DB_DataObject_Cast::dateTime();
    $record->insert();

    return false;
}
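/**
 * Issues a nonce for the logged-in user and redirects to the guide module.
 *
 * @return ControllerActionRedirect Redirect to the configured system URL with
 *                                  mod=guide and the nonce as query parameters.
 * @throws PermissionDeniedException When no user is logged in.
 */
public function action_index()
{
    $login = Session::getLogin();
    if (!$login) {
        throw new PermissionDeniedException();
    }

    $nonce = \Nonce::create($login);
    // The nonce goes into the query string, so it is percent-encoded instead
    // of being concatenated raw as before.
    $url = Config::get('simple.system.url')
        . '?mod=guide&nonce=' . rawurlencode($nonce->getNonce());

    return new ControllerActionRedirect($url);
}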
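/**
 * Validates a nonce generated by self::create.
 *
 * The expected value is a 10-character slice (offsets -12 to -3) of
 * Nonce::generate($action . $user); presumably the same slice self::create
 * hands out.
 *
 * @param string $nonce  The nonce that is to be validated.
 * @param string $action The action for which the nonce was made.
 * @param string $user   The user for whom the nonce was made.
 * @return bool
 */
static function validate($nonce, $action = '', $user = '')
{
    $expected = substr((string) Nonce::generate($action . $user), -12, 10);

    // hash_equals() replaces the original loose `==`: byte-for-byte (no
    // numeric-string coercion such as "0e12" == "0e34") and constant-time.
    return hash_equals((string) $expected, (string) $nonce);
}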
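/**
 * Updates the post votes via an HTTP request.
 *
 * Runs on template_redirect: only logged-in users with a valid nonce get
 * through; after a successful update the browser is sent back to the
 * submitted _wp_http_referer.
 *
 * @wp-hook template_redirect
 *
 * @return void
 */
public function update_http() {
    if (!is_user_logged_in()) {
        return;
    }
    if (!$this->nonce->is_valid()) {
        return;
    }
    if (!$this->update()) {
        return;
    }

    // filter_input() yields null when the field is absent (false on failure);
    // cast so urldecode() never receives a non-string.
    $referer = (string) filter_input(INPUT_POST, '_wp_http_referer');
    $url = esc_url(urldecode($referer));

    wp_safe_redirect($url);
    // Stop here so later template_redirect callbacks and the template itself
    // do not run after the redirect header has been issued.
    exit;
}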
<?php require "_inc/functions.php"; //Redirect to members page if logged in if ($auth->logged_in) { header("Location: members.php"); } $nonce = new Nonce("login_action"); require "_inc/header.php"; ?> <div class="post"> <div class="post-bgtop"> <div class="post-bgbtm"> <h2 class="title"><a href="#">Welcome to hackme </a></h2> <div class="entry"> <?php if (!$auth->logged_in) { ?> <form method="post" action="members.php"> <h2>LOGIN</h2> <table> <tr> <td> Username </td> <td> <input type="text" name="username" /> </td> </tr> <tr> <td> Password </td> <td> <input type="password" name="password" /> </td> <td> <input type="submit" name = "submit" value="Login" /> </td></tr> </table> <input type="hidden" name="nonce" value="<?php echo $nonce->get(); ?> "> </form>
/**
 * Removes the stored nonces belonging to this object's consumer key.
 */
function _deleteNonces()
{
    $nonces = new Nonce();
    $nonces->consumer_key = $this->consumer_key;
    // delete() is presumably keyed by the fields set above — verify against Nonce::delete().
    $nonces->delete();
}
/**
 * Validates a nonce against its key.
 *
 * @param string $key
 * @param string $nonce
 * @return bool Whether $nonce is valid for $key.
 */
protected function validateNonce($key, $nonce)
{
    $isValid = Nonce::validateString($nonce, $key);

    return $isValid;
}
/**
 * Prepares the registration form by fetching a fresh nonce into $this->nonce.
 */
public function registerForm()
{
    $freshNonce = Nonce::getNonce();
    $this->nonce = $freshNonce;
}
/**
 * Post-authentication hook.
 *
 * Authentication succeeded; the nonce is consumed before delegating to the
 * parent so it cannot be presented again (replay).
 */
public function afterAuthentication()
{
    $consumed = $this->nonce;
    // Single-use: mark it as used first, then run the inherited behaviour.
    $consumed->markAsUsed();

    parent::afterAuthentication();
}
<?php define("MEMBERS_ONLY", true); require "_inc/functions.php"; //if the login form is submitted if (isset($_POST['submit']) && isset($_POST["password"]) && isset($_POST["username"]) && isset($_POST["nonce"])) { $nonce = new Nonce("login_action"); if (!$nonce->verify($_POST["nonce"])) { die("CSRF detected, knock it off you punk"); } $auth->login($_POST["username"], $_POST["password"]); } require "_inc/header.php"; $threads = $auth->query("SELECT * FROM threads ORDER BY date DESC", array(), true); foreach ($threads as $thread) { ?> <div class="post"> <div class="post-bgtop"> <div class="post-bgbtm"> <h2 class="title"> <a href="show.php?pid=<?php echo htmlspecialchars($thread->id); ?> "><?php echo htmlspecialchars($thread->title); ?> </a> </h2> <p class="meta"> <span class="date"><?php echo date('l, d F, Y', htmlspecialchars($thread->date));
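/**
 * Gets additional resources for assigned media
 * @param string $serverKey
 * @param string $hardwareKey
 * @param int $layoutId
 * @param string $regionId
 * @param string $mediaId
 * @return mixed
 * @throws SoapFault
 */
function GetResource($serverKey, $hardwareKey, $layoutId, $regionId, $mediaId)
{
    // Sanitize
    $serverKey = Kit::ValidateParam($serverKey, _STRING);
    $hardwareKey = Kit::ValidateParam($hardwareKey, _STRING);
    $layoutId = Kit::ValidateParam($layoutId, _INT);
    $regionId = Kit::ValidateParam($regionId, _STRING);
    $mediaId = Kit::ValidateParam($mediaId, _STRING);

    // Check the serverKey matches. hash_equals() replaces the loose `!=`:
    // strict byte comparison (no numeric-string coercion) in constant time.
    if (!hash_equals((string) Config::GetSetting('SERVER_KEY'), (string) $serverKey)) {
        throw new SoapFault('Sender', 'The Server key you entered does not match with the server key at this address');
    }

    // Make sure we are sticking to our bandwidth limit
    if (!$this->CheckBandwidth()) {
        throw new SoapFault('Receiver', "Bandwidth Limit exceeded");
    }

    // Auth this request...
    if (!$this->AuthDisplay($hardwareKey)) {
        throw new SoapFault('Receiver', "This display client is not licensed");
    }

    // Validate the nonce: the display may only fetch files it holds a nonce for
    $nonce = new Nonce();
    if (!$nonce->AllowedFile('resource', $this->displayId, NULL, $layoutId, $regionId, $mediaId)) {
        throw new SoapFault('Receiver', 'Requested an invalid file.');
    }

    // What type of module is this?
    $region = new region();
    $type = $region->GetMediaNodeType($layoutId, $regionId, $mediaId);
    // Strict form of the original `== ''`: null/false/'' are all "no type".
    if ((string) $type === '') {
        throw new SoapFault('Receiver', 'Unable to get the media node type');
    }

    // Dummy User Object
    $user = new User();
    $user->userid = 0;
    $user->usertypeid = 1;

    // Initialise the theme (for global styles in GetResource)
    new Theme($user);
    Theme::SetPagename('module');

    // Get the resource from the module
    try {
        $module = ModuleFactory::load($type, $layoutId, $regionId, $mediaId, null, null, $user);
    } catch (Exception $e) {
        Debug::Error($e->getMessage(), $this->displayId);
        throw new SoapFault('Receiver', 'Cannot create module. 
Check CMS Log');
    }

    $resource = $module->GetResource($this->displayId);
    // Falsy covers false/null/'' (the original's extra `== ''` clause was redundant).
    if (!$resource) {
        throw new SoapFault('Receiver', 'Unable to get the media resource');
    }

    // Log Bandwidth
    $this->LogBandwidth($this->displayId, Bandwidth::$GETRESOURCE, strlen($resource));

    return $resource;
}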
/**
 * A freshly constructed Nonce generates the fixture value, and its string
 * form is that same value.
 */
public function testCreation()
{
    $subject = new Nonce();
    $expected = self::$nonce;

    $this->assertEquals($expected, $subject->generate());
    $this->assertEquals($expected, (string) $subject);
}
// Check to see if we are going to consume a service (if we came from xmds.php then we will always use the SOAP service) if (defined('XMDS') || $method != '') { // Create a service to handle the method switch ($service) { case 'soap': // Check to see if we have a file attribute set (for HTTP file downloads) if (isset($_GET['file'])) { // Check send file mode is enabled $sendFileMode = Config::GetSetting('SENDFILE_MODE'); if ($sendFileMode == 'Off') { Debug::LogEntry('audit', 'HTTP GetFile request received but SendFile Mode is Off. Issuing 404', 'services'); header('HTTP/1.0 404 Not Found'); exit; } // Check nonce, output appropriate headers, log bandwidth and stop. $nonce = new Nonce(); if (!($file = $nonce->Details(Kit::GetParam('file', _GET, _STRING)))) { Debug::LogEntry('audit', 'HTTP GetFile request received but unable to find XMDS Nonce. Issuing 404', 'services'); // 404 header('HTTP/1.0 404 Not Found'); } else { // Issue magic packet // Send via Apache X-Sendfile header? if ($sendFileMode == 'Apache') { Debug::LogEntry('audit', 'HTTP GetFile request redirecting to ' . Config::GetSetting('LIBRARY_LOCATION') . $file['storedAs'], 'services'); header('X-Sendfile: ' . Config::GetSetting('LIBRARY_LOCATION') . $file['storedAs']); } else { if ($sendFileMode == 'Nginx') { header('X-Accel-Redirect: /download/' . $file['storedAs']); } else { header('HTTP/1.0 404 Not Found');
<?php require "_inc/functions.php"; //Redirect to members page if logged in if ($auth->logged_in) { header("Location: members.php"); } $nonce = new Nonce("register_action"); if (isset($_POST['submit'])) { if (!isset($_POST["nonce"]) || !$nonce->verify($_POST["nonce"])) { die("CSRF detected, knock it off you punk"); } if (!isset($_POST['uname']) || !isset($_POST['password']) || !isset($_POST['fname']) || !isset($_POST['lname'])) { die('<p>You did not fill in a required field. Please go back and try again!</p>'); } if (!$auth->createUser($_POST["uname"], $_POST["password"], $_POST["fname"], $_POST["lname"])) { die("Sorry, can't create user"); } else { $userCreated = true; } } require "_inc/header.php"; ?> <div class="post"> <div class="post-bgtop"> <div class="post-bgbtm"> <h2 class = "title">hackme Registration</h2> <?php if (isset($userCreated)) { ?>
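/**
 * Module entry point: validates the request and dispatches to the function
 * selected by $_GET['func'].
 *
 * Every failure path reports through $this->setMsg(false, ...) and returns;
 * the selected function runs only when all checks pass.
 */
public final function execute()
{
    /*
     * Request checks
     */
    // The enabled flag defaults to false
    if (empty($this->enabled)) {
        $this->enabled = false;
    }

    // Was a function name given? Only a non-empty string is accepted: an
    // array value (?func[]=x) would otherwise raise an illegal-offset error
    // on the lookup below. empty() keeps the original treatment of '0'.
    $func = $_GET['func'] ?? '';
    if (!is_string($func) || empty($func)) {
        $this->setMsg(false, "Nebola zadaná žiadna funkcia");
        return;
    }

    // Does the given function exist?
    if (empty($this->functions[$func])) {
        $this->setMsg(false, "Zadaná funkcia neexistuje");
        return;
    }

    // Form identifier (nonce) check. The original only validated when a nonce
    // was present, so a POST that simply omitted the field skipped the check;
    // now any request carrying POST data must present a valid nonce.
    $postedNonce = $_POST['nonce'] ?? null;
    if ($_POST !== [] && (!is_string($postedNonce) || $postedNonce === '' || !Nonce::checkNonce($postedNonce))) {
        $this->setMsg(false, "Neplatný formulár.");
        return;
    }

    // Database connection
    $db = CDatabaza::getInstance();

    // Was the database connection established?
    if (empty($db)) {
        $this->setMsg(false, "Spojenie s databázou zlyhalo");
        return;
    }

    // Is this module allowed to run?
    if (!$this->enabled) {
        $this->setMsg(false, "Nemáte oprávnenie na zmenu záznamov");
        return;
    }

    // Run the selected function of the chosen module
    $call = $this->functions[$func]['execute'];
    $this->{$call}();
}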
/**
 * Constructor. Sets up the properties.
 *
 * @param string $file  Main plugin file.
 * @param State  $state State model.
 * @param Nonce  $nonce Nonce object; only the value of its get() is kept.
 */
public function __construct($file, State $state, Nonce $nonce)
{
    $nonceValue = $nonce->get();

    $this->file = $file;
    $this->state = $state;
    $this->nonce = $nonceValue;
}