Exemplo n.º 1
Arquivo: lib_fb.php Projeto: 1upon0/ui
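/**
 * Parse a "<signature>.<payload>" signed request, verify it, and cache the
 * decoded payload in the session.
 *
 * The payload is only trusted after its HMAC-SHA256 signature has been checked
 * against $secret; nothing is written to the session for an unverified request.
 *
 * @param string|false $secret HMAC key. When falsy, session('secret') is used
 *                             (session() is defined elsewhere in the project).
 * @param string|false $sr     Raw signed request. When falsy, the value of
 *                             $_REQUEST['signed_request'] is used if present.
 *
 * @return array|false Decoded payload on success; false when no request was
 *                     supplied, it is malformed, or verification fails.
 */
function sr($secret = false, $sr = false)
{
    if (!$sr && isset($_REQUEST['signed_request'])) {
        $sr = $_REQUEST['signed_request'];
    }
    if (!$sr || !is_string($sr)) {
        return false;
    }
    if (!$secret) {
        $secret = session('secret');
    }
    // Without a key the signature cannot be checked, so the request is rejected
    // rather than accepted unverified.
    if (!$secret) {
        error_log('Bad Signed JSON signature!');
        return false;
    }
    // A request without the "." separator has no payload to verify.
    $parts = explode('.', $sr, 2);
    if (count($parts) !== 2) {
        return false;
    }
    list($encoded_sig, $payload) = $parts;

    // Verify the MAC over the still-encoded payload before decoding anything
    // from it. hash_equals() compares in constant time.
    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return false;
    }

    $data = json_decode(base64_url_decode($payload), true);
    if (!is_array($data)
        || !isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
    ) {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return false;
    }

    session('sr', $data);
    if (isset($data['oauth_token'])) {
        // The access token is stored only because the payload carrying it was authenticated above.
        session('access_token', $data['oauth_token']);
        session('expires', isset($data['expires']) ? $data['expires'] : null);
    }
    return $data;
}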
Exemplo n.º 2
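 /**
  * Assert that the encrypted REST response carries the expected message.
  *
  * The response body is JSON with a base64url-encoded "data" field; that field
  * is decrypted with $this->aes and parsed as JSON again.
  *
  * @param mixed $message Value the decrypted payload's "message" property must equal.
  */
 public function seeMessageInResponse($message)
 {
     $raw = $this->getModule('REST')->response;
     $envelope = json_decode($raw);
     $plaintext = $this->aes->decrypt(base64_url_decode($envelope->data));
     // The decrypted payload is deliberately not dumped to ./dump.txt any more:
     // that debug leftover wrote plaintext to a file in the working directory
     // on every call.
     $decoded = json_decode($plaintext);
     $this->assertEquals($message, $decoded->message);
 }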
Exemplo n.º 3
/**
 * Undo the project's "combine" encoding.
 *
 * Steps, in order: base64-decode the input, ROT13 it, remove every occurrence
 * of the ROT13 of a fixed marker string, then base64url-decode what is left.
 *
 * NOTE(review): base64 and ROT13 are reversible encodings and the marker is a
 * constant embedded in the query text, so this provides obfuscation only and
 * no confidentiality or integrity.
 *
 * @param string $str Encoded value.
 *
 * @return mixed Whatever base64_url_decode() (defined elsewhere) returns.
 */
function decode_combine($str)
{
    $raw = base64_decode($str);
    // The query selects a literal string as kdm_hash1 alongside one kdims row;
    // only the literal is used below.
    $query = new db_query('SELECT "5529e6b0760d73d38d3d3a5bb33e3eaf" as kdm_hash1, kdims.* FROM kdims LIMIT 1');
    $row = mysqli_fetch_assoc($query->result);
    unset($query);
    $rotated = str_rot13($raw);
    $marker = str_rot13($row['kdm_hash1']);
    $stripped = str_replace($marker, '', $rotated);
    return base64_url_decode($stripped);
}
Exemplo n.º 4
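/**
 * Extract the parts of a Magic Signature envelope from a DOM document.
 *
 * Looks for an <env> element in the MAGIC_SIG_NS namespace, falling back to
 * <provenance>, and reads its data, encoding, alg and sig children.
 *
 * The document is typically remote input, so every required child is checked
 * before it is dereferenced; a missing element yields false instead of a
 * fatal error on a null object.
 *
 * This function only parses. The returned 'sig' is NOT verified here; callers
 * must verify it before trusting 'data'.
 *
 * @param DOMDocument $dom Parsed document that may contain an envelope.
 *
 * @return array|false Keys: data (decoded), data_type, encoding, alg, sig
 *                     (whitespace stripped, still encoded); false when the
 *                     envelope or any required child is absent.
 */
function magic_sig_from_dom($dom)
{
    $env_element = $dom->getElementsByTagNameNS(MAGIC_SIG_NS, 'env')->item(0);
    if (!$env_element) {
        $env_element = $dom->getElementsByTagNameNS(MAGIC_SIG_NS, 'provenance')->item(0);
    }
    if (!$env_element) {
        return false;
    }

    $data_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'data')->item(0);
    $sig_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'sig')->item(0);
    $encoding_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'encoding')->item(0);
    $alg_element = $env_element->getElementsByTagNameNS(MAGIC_SIG_NS, 'alg')->item(0);
    if (!$data_element || !$sig_element || !$encoding_element || !$alg_element) {
        return false;
    }

    return array(
        // Whitespace is removed first because the encoded text may be wrapped across lines.
        'data' => base64_url_decode(preg_replace('/\\s/', '', $data_element->nodeValue)),
        'data_type' => $data_element->getAttribute('type'),
        'encoding' => $encoding_element->nodeValue,
        'alg' => $alg_element->nodeValue,
        'sig' => preg_replace('/\\s/', '', $sig_element->nodeValue),
    );
}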
/**
 * Decrypt a base64url-encoded string produced by a matching home-grown cipher.
 *
 * The keystream for each 16-byte block is the raw MD5 digest of a running
 * "IV" string, which is re-derived from the previous ciphertext block and the
 * password.
 *
 * NOTE(review): the default $senha is a key hard-coded in the source, MD5 is
 * used as the keystream generator, and nothing in this function authenticates
 * the ciphertext before it is decrypted. Treat the output as unauthenticated.
 *
 * @param string $Enc_Texto base64url-encoded ciphertext; the first $iv_len
 *                          decoded bytes seed the IV.
 * @param string $senha     Password XORed into the IV on every step.
 * @param int    $iv_len    Number of leading bytes used as the IV seed.
 *
 * @return string Decrypted text with the trailing "\x13" + NUL padding removed.
 */
function dr($Enc_Texto, $senha = "1nqv3w5", $iv_len = 16) {
    $Enc_Texto = base64_url_decode($Enc_Texto);
    $n = strlen($Enc_Texto);
    // Ciphertext blocks start right after the IV seed.
    $i = $iv_len;
    $texto = '';
    // PHP's string XOR yields a result as long as the shorter operand, so the
    // initial IV is at most min(strlen($senha), $iv_len) bytes long.
    $iv = substr($senha ^ substr($Enc_Texto, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $Bloco = substr($Enc_Texto, $i, 16);
        // pack('H*', md5(...)) is the 16-byte binary digest used as the keystream block.
        $texto .= $Bloco ^ pack('H*', md5($iv));
        // Next IV: previous ciphertext block prepended to the old IV, capped at
        // 512 bytes, XORed with the password (again truncated to the shorter operand).
        $iv = substr($Bloco . $iv, 0, 512) ^ $senha;
        $i += 16;
    }
    // Strip a trailing 0x13 byte followed by any NULs — presumably the padding
    // marker added by the matching encoder, which is not shown here.
    return preg_replace('/\\x13\\x00*$/', '', $texto);
}
Exemplo n.º 6
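/**
 * Verify and decode a "<signature>.<payload>" signed request.
 *
 * @param string $signed_request Raw value as received from the client.
 * @param string $secret         HMAC-SHA256 key shared with the issuer.
 *
 * @return array|null Decoded payload, or null when the request is malformed,
 *                    names an unexpected algorithm, or fails verification.
 */
function parse_signed_request($signed_request, $secret)
{
    // Reject input without the "." separator instead of letting list() read a
    // missing array element.
    $parts = is_string($signed_request) ? explode('.', $signed_request, 2) : array();
    if (count($parts) !== 2) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    list($encoded_sig, $payload) = $parts;

    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    // json_decode() returns null for invalid JSON; guard before indexing.
    if (!is_array($data)
        || !isset($data['algorithm'])
        || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256'
    ) {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // The MAC covers the encoded payload exactly as received.
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    // hash_equals() avoids leaking, through timing, how many leading bytes matched.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}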
Exemplo n.º 7
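/**
 * Verify and decode a signed request, enforcing algorithm, age and signature.
 *
 * @param string $input   Raw "<signature>.<envelope>" value from the client.
 * @param string $secret  HMAC-SHA256 key shared with the issuer.
 * @param int    $max_age Maximum accepted age of the request in seconds.
 *
 * @return array Decoded envelope.
 *
 * @throws Exception When the request is malformed, uses an unsupported
 *                   algorithm, is older than $max_age, or has a bad signature.
 */
function parse_signed_request($input, $secret, $max_age = 3600)
{
    $parts = is_string($input) ? explode('.', $input, 2) : array();
    if (count($parts) !== 2) {
        throw new Exception('Invalid request. (Invalid signature.)');
    }
    list($encoded_sig, $encoded_envelope) = $parts;

    $envelope = json_decode(base64_url_decode($encoded_envelope), true);
    $algorithm = (is_array($envelope) && isset($envelope['algorithm'])) ? $envelope['algorithm'] : null;
    // Strict comparison: the algorithm name must be exactly this string.
    if ($algorithm !== 'HMAC-SHA256') {
        throw new Exception('Invalid request. (Unsupported algorithm.)');
    }
    // A missing issued_at is treated as too old rather than compared as null.
    if (!isset($envelope['issued_at']) || $envelope['issued_at'] < time() - $max_age) {
        throw new Exception('Invalid request. (Too old.)');
    }

    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $encoded_envelope, $secret, true);
    // The original used a loose "!=" here. Loose string comparison can treat
    // two different numeric-looking strings as equal and is not constant time;
    // hash_equals() fixes both.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        throw new Exception('Invalid request. (Invalid signature.)');
    }
    return $envelope;
}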
Exemplo n.º 8
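/**
 * Verify a "<signature>.<payload>" signed request and return the decoded payload.
 *
 * Unlike the JSON-returning variants, this one returns the payload as the raw
 * string produced by base64_url_decode(); the caller decodes it further.
 *
 * @param string $signed_request Raw value as received from the client.
 * @param string $secret         HMAC-SHA256 key shared with the issuer.
 *
 * @return string|null Decoded payload, or null when the request is malformed
 *                     or its signature does not match.
 */
function parse_signed_request($signed_request, $secret)
{
    $arr = is_string($signed_request) ? explode('.', $signed_request, 2) : array();
    if (count($arr) < 2) {
        return null;
    }
    list($encoded_sig, $payload) = $arr;
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = base64_url_decode($payload);
    // check sig: the MAC is computed over the still-encoded payload, and the
    // comparison is constant time so a mismatch position is not leaked.
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        return null;
    }
    return $data;
}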
Exemplo n.º 9
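/**
 * Verify and decode a "<signature>.<payload>" signed request.
 *
 * @param string $signed_request Raw value as received from the client.
 * @param string $secret         HMAC-SHA256 key shared with the issuer.
 *
 * @return array|null Decoded payload, or null (after printing a message) when
 *                    the request is malformed or its signature does not match.
 */
function parse_signed_request($signed_request, $secret)
{
    // The original condition was
    //     !(list(...) = explode(...) == null)
    // in which "==" binds tighter than "=", so list() was assigned the boolean
    // result of the comparison and the function rejected every request.
    // Split first, then validate the shape explicitly.
    $parts = is_string($signed_request) ? explode('.', $signed_request, 2) : array();
    if (count($parts) !== 2) {
        print_r('Bad Signed Request!');
        return null;
    }
    list($encoded_sig, $payload) = $parts;
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    // confirm the signature (constant-time comparison over the encoded payload)
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        print_r('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}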
Exemplo n.º 10
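/**
 * Verify a signed request and, for the encrypted variant, decrypt its payload.
 *
 * @param string $input   Raw "<signature>.<envelope>" value from the client.
 * @param string $secret  Key used both for HMAC-SHA256 and, for the encrypted
 *                        variant, as the cipher key.
 * @param int    $max_age Maximum accepted age of the request in seconds.
 *
 * @return array|null The envelope for 'HMAC-SHA256'; the JSON-decoded
 *                    decrypted payload for 'AES-256-CBC HMAC-SHA256'.
 *
 * @throws Exception When the request is malformed, uses an unsupported
 *                   algorithm, is older than $max_age, or has a bad signature.
 */
function parse_signed_request($input, $secret, $max_age = 3600)
{
    $parts = is_string($input) ? explode('.', $input, 2) : array();
    if (count($parts) !== 2) {
        throw new Exception('Invalid request. (Invalid signature.)');
    }
    list($encoded_sig, $encoded_envelope) = $parts;

    $envelope = json_decode(base64_url_decode($encoded_envelope), true);
    $algorithm = (is_array($envelope) && isset($envelope['algorithm'])) ? $envelope['algorithm'] : null;
    if ($algorithm !== 'AES-256-CBC HMAC-SHA256' && $algorithm !== 'HMAC-SHA256') {
        throw new Exception('Invalid request. (Unsupported algorithm.)');
    }
    // A missing issued_at is treated as too old rather than compared as null.
    if (!isset($envelope['issued_at']) || $envelope['issued_at'] < time() - $max_age) {
        throw new Exception('Invalid request. (Too old.)');
    }

    // The MAC is checked before any decryption, with a constant-time compare;
    // the original loose "!=" could equate different numeric-looking strings.
    $sig = base64_url_decode($encoded_sig);
    $expected_sig = hash_hmac('sha256', $encoded_envelope, $secret, true);
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        throw new Exception('Invalid request. (Invalid signature.)');
    }

    // for requests that are signed, but not encrypted, we're done
    if ($algorithm === 'HMAC-SHA256') {
        return $envelope;
    }

    if (!isset($envelope['payload'], $envelope['iv'])) {
        throw new Exception('Invalid request. (Missing payload.)');
    }
    // otherwise, decrypt the payload
    // NOTE(review): the mcrypt extension is deprecated and no longer bundled
    // with current PHP releases; this call needs porting before the function
    // can run there. trim() removes the zero padding mcrypt leaves in place.
    return json_decode(trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $secret, base64_url_decode($envelope['payload']), MCRYPT_MODE_CBC, base64_url_decode($envelope['iv']))), true);
}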
Exemplo n.º 11
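/**
 * Decode a "<signature>.<payload>" signed request, verifying it when a secret is given.
 *
 * Called with one argument this behaves as before and performs NO signature
 * check: the returned data is then whatever the client sent and must not be
 * used for authentication or authorisation decisions. Pass $secret to have
 * the HMAC-SHA256 signature verified first.
 *
 * @param string      $signed_request Raw value as received from the client.
 * @param string|null $secret         Optional HMAC-SHA256 key shared with the issuer.
 *
 * @return array|null Decoded payload; null when the input is malformed, is
 *                    not valid JSON, or (with $secret) fails verification.
 */
function parse_signed_request($signed_request, $secret = null)
{
    $parts = is_string($signed_request) ? explode('.', $signed_request, 2) : array();
    if (count($parts) !== 2) {
        return null;
    }
    list($encoded_sig, $payload) = $parts;

    if ($secret !== null) {
        $sig = base64_url_decode($encoded_sig);
        // The MAC covers the encoded payload; compare in constant time.
        $expected_sig = hash_hmac('sha256', $payload, $secret, true);
        if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
            return null;
        }
    }

    // decode the data
    return json_decode(base64_url_decode($payload), true);
}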
Exemplo n.º 12
/**
 * base64url-decode a value and, when a key is available, pass it through str_rot_pass().
 *
 * Key selection: an explicit truthy $key wins; otherwise the configured
 * 'encryption_key' is used if it is truthy; otherwise the decoded value is
 * returned unchanged.
 *
 * NOTE(review): str_rot_pass() is defined elsewhere; whether it offers real
 * confidentiality cannot be judged from this listing.
 *
 * @param string       $data Encoded input.
 * @param string|false $key  Optional key overriding the configured one.
 *
 * @return mixed Decoded (and possibly transformed) value.
 */
function base64_decrypt($data, $key = false)
{
    $decoded = base64_url_decode($data);
    if ($key) {
        return str_rot_pass($decoded, $key, true);
    }
    if (!Config::get('encryption_key')) {
        return $decoded;
    }
    return str_rot_pass($decoded, Config::get('encryption_key'), true);
}
Exemplo n.º 13
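$show_path = '';
//file content
$value = '';
//file path code page
$path_code_page = "BIG-5";
// Only files under this directory may be read or written.
// PLACEHOLDER: the sub-directory name is constructed for this listing; set it
// to the one directory the editor is meant to manage. It must not contain
// executable scripts (including this one).
$editor_root = realpath(__DIR__ . '/editable');

// NOTE(review): no authentication or CSRF check is visible in this excerpt.
// Both are required before this endpoint is reachable; path containment alone
// does not make an unauthenticated file editor safe.

/**
 * Resolve a client-supplied path and confirm it stays inside $root.
 *
 * The parent directory must already exist and resolve (symlinks included)
 * to a location under $root; an existing target is resolved as well so a
 * symlink cannot point outside.
 *
 * @param mixed        $requested Path decoded from the request.
 * @param string|false $root      Canonical allowed directory, or false if it does not exist.
 *
 * @return string|false Canonical path inside $root, or false when rejected.
 */
function editor_resolve_path($requested, $root)
{
    if ($root === false || !is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    $dir = realpath(dirname($requested));
    if ($dir === false) {
        return false;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($dir . DIRECTORY_SEPARATOR, $prefix) !== 0) {
        return false;
    }
    $candidate = $dir . DIRECTORY_SEPARATOR . basename($requested);
    if (file_exists($candidate) || is_link($candidate)) {
        $real = realpath($candidate);
        if ($real === false || strpos($real, $prefix) !== 0 || is_dir($real)) {
            return false;
        }
        return $real;
    }
    return $candidate;
}

if (!empty($_POST['q']) && isset($_POST['v'])) {
    //save file
    $file_path = editor_resolve_path(base64_url_decode($_POST['q']), $editor_root);
    // Strict mode rejects input that is not valid base64 instead of writing garbage.
    $v = is_string($_POST['v']) ? base64_decode($_POST['v'], true) : false;
    if ($file_path === false || $v === false || file_put_contents($file_path, $v) === false) {
        http_response_code(400);
        echo '0';
        exit;
    }
    echo '1';
    exit;
}
if (!empty($_GET['q'])) {
    //open file
    $file_path = editor_resolve_path(base64_url_decode($_GET['q']), $editor_root);
    if ($file_path !== false) {
        $show_path = getUTF8String($file_path, $path_code_page);
        if (is_file($file_path)) {
            $path = $_GET['q'];
            $value = base64_encode(file_get_contents($file_path));
        }
    }
}
?>
<html>
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title><?php 
// The path originates from the request, so it is escaped for HTML output.
echo htmlspecialchars($show_path, ENT_QUOTES, 'UTF-8');
?>
</title>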
Exemplo n.º 14
            </div>
            <br>
             <div id="error"style="color:red;"></div>
            <div id="success" style="color:green;"></div>
            <div class="form-group no-side-padding col-md-12">
              <label >New Password *</label><br>
              <input type="password" class="form-control" id="password" placeholder="" required="required" name="password">
            </div>
            <br>
            <div class="form-group no-side-padding col-md-12">
              <label >Confirm password *</label><br>
              <input type="password" class="form-control" id="cpassword" placeholder="" required="required"  name="cpassword">
            </div>
            <br>
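            <input type="hidden" name="email" id="email" value="<?php 
// $_GET['info'] is client-controlled; base64 is an encoding, not a filter, so
// the decoded value is escaped for the attribute context before output.
// NOTE(review): the address to reset is taken from the URL here. The handler
// that processes this form (not shown) must bind the reset to a server-side,
// single-use token rather than to this field.
echo htmlspecialchars(isset($_GET['info']) ? (string) base64_url_decode($_GET['info']) : '', ENT_QUOTES, 'UTF-8');
?>
">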
            <div class="col-md-12 no-side-padding mg-t-20">
              <input type="button" name="send" value="Update Password" id="reset_password_btn" class="btn btn-warning"> 
              <!-- <button type="submit" class="btn btn-warning" name="send" value="Update Password">Update Password</button> -->
            </div>

              </form>


       
          
      </div>
    </div>
Exemplo n.º 15
</div>
<!--END WRAPPER-->
';
            }
            #==================================
        } else {
            if (isset($_SESSION['SAFE_LOGIN'])) {
                $duration = time() - (int) $_SESSION['timeout'];
                if ($duration >= $inactive) {
                    unset($_SESSION['SAFE_LOGIN']);
                    redirect(BASE_PATH . '/webroot.php', 1);
                }
                if (isset($_POST['admin_x_login'], $_POST['admin_x_pass'])) {
                    //$rsa->loadKey($publicKey);
                    //$rsa->decrypt(base64_url_decode($_GET['code']))
                    if (isset($_GET['code']) && !empty($_GET['code']) && base64_url_decode($_GET['code']) == $_SESSION['SAFE_LOGIN']) {
                        #LOGIN
                        $sql = "select * from user where username=:u and type=1";
                        $stmt = $pdo->prepare($sql);
                        $username = escape($_POST['admin_x_login']);
                        $password = $_POST['admin_x_pass'];
                        $stmt->bindValue(':u', $username, PDO::PARAM_STR);
                        $stmt->execute();
                        if ($stmt->rowCount()) {
                            $user = $stmt->fetch(PDO::FETCH_OBJ);
                            $salt = $user->salt;
                            $encPassword = $user->password;
                            if (checkhashSSHA($salt, $password) == $encPassword) {
                                session_regenerate_id(true);
                                $_SESSION['login'] = true;
                                $_SESSION['name'] = $user->lname . ' ' . $user->fname;
Exemplo n.º 16
<?php

// Facebook DEAUTH page
// ISREAL CONSULTING, LLC
// Processes when a user deauthorizes our app and performs actions
// Check that we're using SSL
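// $_SERVER['HTTPS'] is non-empty over TLS, but IIS/ISAPI sets it to "off" for
// plain HTTP, so both the missing and the "off" case must redirect.
if (empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) === 'off') {
    header('Location: https://www.isrealconsulting.com/app/fb/deauth.php');
    exit;
}
// FB Dev
// The parameter is client-controlled and may be absent or an array; normalise
// it to a string so later parsing never sees an undefined index.
$signed_request = (isset($_REQUEST['signed_request']) && is_string($_REQUEST['signed_request']))
    ? $_REQUEST['signed_request']
    : '';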
/**
 * Decode a URL-safe base64 string.
 *
 * The URL-safe alphabet uses "-" and "_" where standard base64 uses "+" and
 * "/"; the input is mapped back and handed to base64_decode().
 *
 * @param string $input URL-safe base64 text, with or without "=" padding.
 *
 * @return string|false Decoded bytes, as returned by base64_decode().
 */
function base64_url_decode($input)
{
    $standard_alphabet = str_replace(array('-', '_'), array('+', '/'), $input);
    return base64_decode($standard_alphabet);
}
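// Key used to verify the request signature.
// PLACEHOLDER: where the app secret lives is not shown on this page; the
// environment variable name below is constructed for illustration.
$app_secret = getenv('FB_APP_SECRET_PLACEHOLDER');

// A deauthorize callback triggers per-user actions, so an unverifiable or
// forged request must stop here.
$parts = explode('.', (string) $signed_request, 2);
if (!$app_secret || count($parts) !== 2) {
    http_response_code(400);
    exit;
}
list($encoded_sig, $payload) = $parts;
// decode the data
$sig = base64_url_decode($encoded_sig);
// Make sure the signature is correct: HMAC-SHA256 over the encoded payload,
// compared in constant time.
$expected_sig = hash_hmac('sha256', $payload, $app_secret, true);
if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
    error_log('Bad Signed JSON signature!');
    http_response_code(400);
    exit;
}
$data = json_decode(base64_url_decode($payload), true);
if (!is_array($data) || !isset($data['user_id'])) {
    http_response_code(400);
    exit;
}
$user_id = $data['user_id'];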
// Make a call to the API to get the user_id
// then perform actions on the specific user_id
Exemplo n.º 17
 } elseif (preg_match("/^thumb_max\\//is", $url)) {
     //View anh thumb max
     $url_in = array("'thumb_max/([a-zA-Z0-9-_./]+),(.*)\\.(jpg|png|gif|jpeg)'");
     $url_out = array("\\1.\\3 \\2");
     $url_filter = preg_replace($url_in, $url_out, $url);
     $arr = explode(' ', $url_filter);
     if (count($arr) == 2) {
         //Kiem tra dieu kien view anh
         /*function base64_url_encode($input) {
         			return strtr(base64_encode($input), '+/', '-_');
         		}*/
         /**
          * Decode a URL-safe base64 string after removing any "=" padding.
          *
          * @param string $input URL-safe base64 text.
          *
          * @return string|false Decoded bytes, as returned by base64_decode().
          */
         function base64_url_decode($input)
         {
             $unpadded = str_replace('=', '', $input);
             // strtr() ignores the surplus "," in the longer 'from' list, so
             // only "-" and "_" are actually mapped.
             $standard_alphabet = strtr($unpadded, '-_,', '+/');
             return base64_decode($standard_alphabet);
         }
         $title = base64_url_decode($arr[1]);
         EnBacImage::thumbImageWithBackground(urldecode($arr[0]), 0, 0, 0, 1, $title, 1);
         exit;
     } else {
         //Xem ảnh max ko phun text
         $url_in = array("'thumb_max/([a-zA-Z0-9-_./]+)'");
         $url_out = array("\\1");
         $url_filter = preg_replace($url_in, $url_out, $url);
         $arr = explode(' ', $url_filter);
         if (count($arr) == 1) {
             //Kiem tra dieu kien view anh
             EnBacImage::thumbImageWithBackground(urldecode($arr[0]), 0, 0, 0, 1);
             exit;
         }
     }
 }
Exemplo n.º 18
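// Debug harness that round-trips an RSA ciphertext through base64/URL encoding
// and compares it with the "code" request parameter. $rsa, $plaintext and
// $privateKey are set up before this excerpt.
// NOTE(review): this prints decrypted data and key-file contents; it should
// not be reachable on a deployed site.

// The parameter is client-controlled: read it once, as a string, and escape
// everything derived from it before it reaches the HTML output.
$code_param = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';
$escape = function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo $ciphertext = $rsa->encrypt($plaintext);
//file_put_contents('rsa.key',urlencode(base64_encode($ciphertext)));
echo "\n<br/>====BASE64_encode==========================================<br/>\n";
echo base64_url_encode($ciphertext);
//urlencode(base64_encode($ciphertext));
echo "\n<br/>====BASE64_decode==========================================<br/>\n";
echo base64_decode(urldecode(urlencode(base64_encode($ciphertext))));
echo "\n<br/>==============================================<br/>\n";
$rsa->loadKey($privateKey);
// private key
echo $rsa->decrypt($ciphertext);
echo "\n<br/>==============================================<br/>\n";
echo $escape(base64_decode($code_param));
$code = (string) file_get_contents('rsa.key');
echo "\n<br/>==============================================<br/>\n";
echo $escape($rsa->decrypt(base64_url_decode($code_param)));
//echo $rsa->decrypt(base64_decode(urldecode($_GET['code'])));
echo "<br/>";
echo $escape(base64_decode(urldecode($code_param)));
echo "<br/>";
// Strict comparison: loose "==" can treat different numeric-looking strings as equal.
if (trim(urlencode($code_param)) === trim($code)) {
    echo $rsa->decrypt(base64_decode(file_get_contents('rsa.key')));
} else {
    echo "<br/>NOT MATCH!";
    echo "<br/>" . $code;
    echo "\n<br/>==============================================<br/>\n";
    echo $escape($code_param);
    echo "\n<br/>==============================================<br/>\n";
    //echo $rsa->decrypt(base64_decode(urldecode($_GET['code'])));
}
echo "<br/>";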
Exemplo n.º 19
/**
 * Render the Facebook widget code into post/page content and handle the
 * plugin's login, registration and logout requests.
 *
 * The function receives $content and returns it with widget markup added, so
 * it appears to be used as a content filter. When the request carries a
 * recognised "task" parameter it instead acts as a request handler: it prints
 * a registration iframe, creates and signs in a WordPress user, signs in an
 * existing user, or logs out, and then redirects/exits.
 *
 * NOTE(review): the 'registered' and 'login' branches decode the payload half
 * of a signed request and never check the signature half, so every value
 * taken from it (user_id, name, email, password) is client-controlled. The
 * review notes inside the body mark each place this matters.
 *
 * @param string $content Post or page content.
 *
 * @return string Content with widget code added, or '' for handled tasks.
 */
function spider_facebook_front_end_short($content)
{
    global $wpdb;
    global $xxx;
    global $post;
    ////////////////////register page
    //if(isset($_GET['task']) && isset($_GET['type']) && isset($_GET['appid']) && isset($_GET['g_red']) && ($_GET['task']=='registered' || $_GET['task']=='registration'))
    // Request-handler mode: a known task plus at least one of fbid / g_red / res / logout_red.
    if (isset($_GET['task']) && (isset($_GET['fbid']) || isset($_GET['g_red']) || isset($_GET['res']) || isset($_GET['logout_red'])) && ($_GET['task'] == 'login' || $_GET['task'] == 'registered' || $_GET['task'] == 'registration' || $_GET['task'] == 'loginwith' || $_GET['task'] == 'logout')) {
        $task = esc_attr($_GET['task']);
        // NOTE(review): 'type', 'appid' and (below) 'g_red' are read without isset();
        // the condition above does not guarantee any of them is present.
        $type = esc_attr($_GET['type']);
        $appid = esc_attr($_GET['appid']);
        if (isset($_GET['fb_only'])) {
            $fb_only = esc_attr($_GET['fb_only']);
        } else {
            $fb_only = '';
        }
        // NOTE(review): the redirect parameters are taken from the query string
        // without escaping or validation.
        $reg_red = $_GET['g_red'];
        if (isset($_GET['log_red'])) {
            $log_red = $_GET['log_red'];
        } else {
            $log_red = '';
        }
        if (isset($_GET['logout_red'])) {
            $logout_red = $_GET['logout_red'];
        } else {
            $logout_red = '';
        }
        // '@@@' stands in for '&' inside these parameters (see the str_replace near the end).
        $log_red = str_replace('@@@', '&', $log_red);
        $logout_red = str_replace('@@@', '&', $logout_red);
        switch ($task) {
            case 'logout':
                // NOTE(review): logout is triggered by a plain GET request with no nonce check visible here.
                wp_logout();
                wp_redirect(get_permalink());
                return '';
                break;
            case 'registration':
                // Build the callback URL; $reg_red is appended raw, then the whole URL is urlencode()d below.
                if (strpos(get_permalink(), '?')) {
                    $a = get_permalink() . '&task=registered&type=' . $type . '&g_red=' . $reg_red;
                } else {
                    $a = get_permalink() . '?task=registered&type=' . $type . '&g_red=' . $reg_red;
                }
                $encodedurl = urlencode($a);
                // Each type prints a registration iframe that differs only in the requested fields.
                switch ($type) {
                    case 'auto':
                        ?>
		<iframe src="https://www.facebook.com/plugins/registration?
					 client_id=<?php 
                        echo $appid;
                        ?>
&
					 redirect_uri=<?php 
                        echo $encodedurl;
                        ?>
&
					 fields=[
		 {'name':'name'},
         {'name':'first_name'},
         {'name':'last_name'},
		 {'name':'email'},
		 {'name':'gender'},
		 {'name':'birthday'},
		]
		"
				scrolling="auto"
				frameborder="no"
				style="border:none"
				allowTransparency="true"
				width="100%"
				height="800">
		</iframe>
		<?php 
                        break;
                    case 'password':
                        ?>
		<iframe src="https://www.facebook.com/plugins/registration?
					 client_id=<?php 
                        echo $appid;
                        ?>
&
					 redirect_uri=<?php 
                        echo $encodedurl;
                        ?>
&
					 fields=[
		 {'name':'name'},
         {'name':'first_name'},
         {'name':'last_name'},
		 {'name':'email'},
		 {'name':'gender'},
		 {'name':'birthday'},
		 {'name':'username','description':'Username','type':'text'},
		 {'name':'password','description':'Password'},
		]
		"
				scrolling="auto"
				frameborder="no"
				style="border:none"
				allowTransparency="true"
				width="100%"
				height="1000">
		</iframe>
		<?php 
                        break;
                    case 'captcha':
                        ?>
		<iframe src="https://www.facebook.com/plugins/registration?
					 client_id=<?php 
                        echo $appid;
                        ?>
&
					 redirect_uri=<?php 
                        echo $encodedurl;
                        ?>
&
					 fields=[
		 {'name':'name'},
         {'name':'first_name'},
         {'name':'last_name'},
		 {'name':'email'},
		 {'name':'gender'},
		 {'name':'birthday'},
		 {'name':'username','description':'Username','type':'text'},
		 {'name':'password','description':'Password'},
		 {'name':'captcha'}
		]
		"
				scrolling="auto"
				frameborder="no"
				style="border:none"
				allowTransparency="true"
				width="100%"
				height="1000">
		</iframe>
		
		
		<?php 
                        break;
                }
                return '';
                break;
            case 'registered':
                $type = $_GET['type'];
                $reg_red = $_GET['g_red'];
                $reg_red = str_replace('@@@', '&', $reg_red);
                // NOTE(review): only the payload ($data[1]) is decoded; the signature
                // ($data[0]) is never verified, so $params is unauthenticated input.
                // $_POST['signed_request'] is also read without isset().
                $signed_request = $_POST['signed_request'];
                $data = explode('.', $signed_request);
                $params = json_decode(base64_url_decode($data[1]), true);
                switch ($type) {
                    //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
                    case 'auto':
                        $user_id = $params['user_id'];
                        $username = $params['registration']['name'];
                        // A random password is generated because this variant does not ask the user for one.
                        $password = wp_generate_password(10);
                        $data = array();
                        // array for all user settings
                        $data['first_name'] = $params['registration']['first_name'];
                        // add first- and lastname
                        $data['last_name'] = $params['registration']['last_name'];
                        $data['name'] = $params['registration']['name'];
                        // add first- and lastname
                        $data['username'] = $params['registration']['name'];
                        // add username
                        $data['email'] = $params['registration']['email'];
                        // add email
                        /* no need to add the usertype, it will be generated automatically from the gid */
                        $data['password'] = $password;
                        // set the password
                        $data['sendEmail'] = 1;
                        // should the user receive system mails?
                        /* Now we can decide, if the user will need an activation */
                        // 'user_pass' appears twice in this array literal; the later entry wins.
                        $userdata = array('user_login' => $data['username'], 'user_pass' => $data['password'], 'user_email' => $data['email'], 'nickname' => $data['first_name'] . $data['last_name'], 'first_name' => $data['first_name'], 'last_name' => $data['last_name'], 'user_pass' => $data['password']);
                        wp_insert_user($userdata);
                        global $wpdb;
                        if ($user_id != "") {
                            $query0 = $wpdb->prepare("DELETE FROM `" . $wpdb->prefix . "spiderfacebook_login` WHERE user_id=%s", $user_id);
                            $wpdb->query($query0);
                            // NOTE(review): the account password is stored as-is (plain text) in the
                            // plugin table, keyed by the user_id from the unverified payload.
                            $wpdb->insert($wpdb->prefix . "spiderfacebook_login", array('user_id' => $user_id, 'username' => $username, 'password' => $password), array('%s', '%s', '%s'));
                        }
                        $creds['user_login'] = $username;
                        $creds['user_password'] = $password;
                        $creds['remember'] = true;
                        // Second argument false: the auth cookie is not forced to be secure-only.
                        $userr = wp_signon($creds, false);
                        if (is_wp_error($userr)) {
                            echo $userr->get_error_message();
                        }
                        wp_redirect(get_permalink());
                        exit;
                        break;
                        /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
                    /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
                    case 'password':
                    case 'captcha':
                        $user_id = $params['user_id'];
                        $username = $params['registration']['username'];
                        // Here the password itself comes from the (unverified) payload.
                        $password = $params['registration']['password'];
                        $data = array();
                        // array for all user settings
                        $data['first_name'] = $params['registration']['first_name'];
                        // add first- and lastname
                        $data['last_name'] = $params['registration']['last_name'];
                        // add first- and lastname
                        $data['username'] = $username;
                        // add username
                        $data['email'] = $params['registration']['email'];
                        // add email
                        //$data['gid'] = $acl->get_group_id( '', $usertype, 'ARO' );  // generate the gid from the usertype
                        /* no need to add the usertype, it will be generated automatically from the gid */
                        $data['password'] = $password;
                        // set the password
                        $data['password2'] = $password;
                        // confirm the password
                        $data['sendEmail'] = 1;
                        // should the user receive system mails?
                        // 'user_pass' appears twice in this array literal; the later entry wins.
                        $userdata = array('user_login' => $data['username'], 'user_pass' => $data['password'], 'user_email' => $data['email'], 'nickname' => $data['first_name'] . $data['last_name'], 'first_name' => $data['first_name'], 'last_name' => $data['last_name'], 'user_pass' => $data['password2']);
                        wp_insert_user($userdata);
                        global $wpdb;
                        if ($user_id != "") {
                            $query0 = $wpdb->prepare("DELETE FROM `" . $wpdb->prefix . "spiderfacebook_login` WHERE user_id=%s", $user_id);
                            $wpdb->query($query0);
                            // NOTE(review): plain-text password storage, as in the 'auto' branch.
                            $wpdb->insert($wpdb->prefix . "spiderfacebook_login", array('user_id' => $user_id, 'username' => $username, 'password' => $password), array('%s', '%s', '%s'));
                        }
                        $creds['user_login'] = $username;
                        $creds['user_password'] = $password;
                        $creds['remember'] = true;
                        $userr = wp_signon($creds, false);
                        if (is_wp_error($userr)) {
                            echo $userr->get_error_message();
                        }
                        wp_redirect(get_permalink());
                        exit;
                        break;
                }
                break;
            case 'login':
                // NOTE(review): 'res' is taken from the query string, its payload half is
                // decoded without any signature check, and the user_id inside selects whose
                // stored credentials are passed to wp_signon(). The identity being logged in
                // is therefore chosen by the client; this needs signature verification
                // against the app secret before the lookup.
                $res = $_GET['res'];
                $data = explode('.', $res);
                //print_r(json_decode(base64_url_decode($data[1]), true));
                $user = json_decode(base64_url_decode($data[1]), true);
                $login_user_id = $user['user_id'];
                //print_r($login_user_id);
                global $wpdb;
                $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "spiderfacebook_login\n\t\tWHERE user_id=%s", $login_user_id);
                // $result is used without checking that a row was found.
                $result = $wpdb->get_row($query);
                $creds['user_login'] = $result->username;
                $creds['user_password'] = $result->password;
                $userr = wp_signon($creds, false);
                if (is_wp_error($userr)) {
                    echo $userr->get_error_message();
                }
                wp_redirect(get_permalink());
                exit;
        }
    }
    ///////////////////// normal post or page
    $url = get_permalink();
    // Select the published widget definitions that apply to this post or page.
    // '%%' is a literal '%' for prepare(); the ID is matched as '***<id>***' inside the stored list.
    if ($post->post_type == 'post') {
        $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "spiderfacebook_params WHERE (articles LIKE '%%***%d***%%' OR articles='all') AND `published`=1 ", $post->ID);
    }
    if (is_page()) {
        $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "spiderfacebook_params WHERE (items LIKE '%%***%d***%%' OR items='all') AND `published`=1 ", $post->ID);
    }
    // NOTE(review): $query is undefined here when the item is neither a 'post' nor a page.
    $params = $wpdb->get_results($query);
    // Random suffix substituted for 'temp_id' in the widget code below.
    $login_id = wp_generate_password(10);
    if (!count($params)) {
        return $content;
    }
    foreach ($params as $param) {
        $reglog = get_permalink();
        if (is_user_logged_in() && $param->type == 'register') {
            if (strpos(get_permalink(), '?')) {
                $url_logen = get_permalink() . '&';
            } else {
                $url_logen = get_permalink() . '?';
            }
            // NOTE(review): the '******' prefix in the two strings below looks like text
            // masked or lost in this listing; the visible remainder closes a script call.
            if ($param->fb_only == 1) {
                $login = '******' . $login_id . '").setAttribute("style","display:none");
						function logout(){
						window.location="' . $url_logen . 'task=logout&logout_red=' . $reglog . '";
						}
						</script>
						<input type="button" class="button" value="Log out" onclick="logout()"/>
						';
            } else {
                $login = '******' . $login_id . '").setAttribute("style","display:none");
						</script>
						';
            }
        } else {
            $login = "";
        }
        $url = get_permalink();
        $lang = get_bloginfo('language', 'en-US');
        if (strpos($url, '?')) {
            $url_conect_with = $url . '&';
        } else {
            $url_conect_with = $url . '?';
        }
        // '&' is swapped for '@@@' so the URL can travel inside another query string.
        $reglog = str_replace('&', '@@@', $url);
        // Fill the placeholders stored in the widget code with per-request values.
        $param->code = str_replace('autoLOGREDauto', $reglog, $param->code);
        $param->code = str_replace('autoREGREDauto', $reglog, $param->code);
        $param->code = str_replace('get_registration_for_faceebok_page_or_post', $url_conect_with, $param->code);
        if ($param->render == '3' || $param->render == '4') {
            $encode = urlencode($url);
        } else {
            $encode = $url;
        }
        $param->code = str_replace('autoSITEURLauto', $encode, $param->code);
        $param->code = str_replace('get_registration_for_faceebok_page_or_post', $url_conect_with, $param->code);
        $param->code = str_replace('autoLANGauto', $lang, $param->code);
        $param->code = str_replace('temp_id', $login_id, $param->code);
        // Pages and posts keep their placement setting in different columns.
        if (is_page()) {
            $swich_my = $param->item_place;
        } else {
            $swich_my = $param->place;
        }
        // $xxx is a global flag: when it is 1 a '</br>' is inserted once and the flag is cleared.
        switch ($swich_my) {
            case "bottom":
                $content = $content . $param->code . $login;
                break;
            case "top":
                if ($xxx == 1) {
                    $content = $param->code . '</br>' . $content . $login;
                    $xxx = 0;
                } else {
                    $content = $param->code . $content . $login;
                }
                break;
            case "both":
                if ($xxx == 1) {
                    $content = $param->code . '</br>' . $content . $param->code . $login;
                    $xxx = 0;
                } else {
                    $content = $param->code . $content . $param->code . $login;
                }
                break;
        }
    }
    return $content;
}
Exemplo n.º 20
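/**
 * Encode or decode a string with a keyed stream cipher and an MD5-based check tag.
 *
 * Layout of the encoded value: a 4-character per-message key ($keyc) followed
 * by the base64url text of the ciphertext. The plaintext inside is a 10-digit
 * expiry timestamp (0 = never), a 16-hex-character tag, then the data.
 *
 * The two 256-step loops are the RC4 key schedule and keystream generation.
 *
 * NOTE(review): RC4 and truncated MD5 are legacy primitives and the
 * per-message key is derived from microtime(); this construction should not
 * be relied on to protect new secrets.
 *
 * @param string $string    Value to encode, or encoded value to decode.
 * @param string $operation 'DECODE' to decode; any other value encodes.
 * @param string $key       Key material; when empty, C('AUTH_KEY') is used
 *                          (C() is defined elsewhere in the project).
 * @param int    $expiry    Lifetime in seconds when encoding; 0 means no expiry.
 *
 * @return string Decoded data ('' when expired or the tag does not match), or
 *                the encoded value.
 */
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0)
{
    // Length of the per-message key prefix.
    $ckey_length = 4;
    $key = md5($key ? $key : C('AUTH_KEY'));
    // $keya feeds the cipher key, $keyb the check tag.
    $keya = md5(substr($key, 0, 16));
    $keyb = md5(substr($key, 16, 16));
    // Decoding reads the prefix from the input; encoding derives a fresh one from microtime().
    $keyc = $ckey_length ? $operation == 'DECODE' ? substr($string, 0, $ckey_length) : substr(md5(microtime()), -$ckey_length) : '';
    $cryptkey = $keya . md5($keya . $keyc);
    $key_length = strlen($cryptkey);
    // Decoding: strip the prefix and base64url-decode. Encoding: prepend expiry and tag.
    $string = $operation == 'DECODE' ? base64_url_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $keyb), 0, 16) . $string;
    $string_length = strlen($string);
    $result = '';
    $box = range(0, 255);
    $rndkey = array();
    for ($i = 0; $i <= 255; $i++) {
        $rndkey[$i] = ord($cryptkey[$i % $key_length]);
    }
    // Key schedule: permute $box under the key bytes.
    for ($j = $i = 0; $i < 256; $i++) {
        $j = ($j + $box[$i] + $rndkey[$i]) % 256;
        $tmp = $box[$i];
        $box[$i] = $box[$j];
        $box[$j] = $tmp;
    }
    // Keystream generation, XORed byte by byte with the input.
    for ($a = $j = $i = 0; $i < $string_length; $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $box[$a]) % 256;
        $tmp = $box[$a];
        $box[$a] = $box[$j];
        $box[$j] = $tmp;
        $result .= chr(ord($string[$i]) ^ $box[($box[$a] + $box[$j]) % 256]);
    }
    if ($operation == 'DECODE') {
        $tag = (string) substr($result, 10, 16);
        $expected_tag = substr(md5(substr($result, 26) . $keyb), 0, 16);
        // The tag was previously compared with loose "==", which treats two
        // different numeric-looking hex strings (e.g. both of the form
        // "0e<digits>") as equal. hash_equals() compares the exact bytes in
        // constant time.
        if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && hash_equals($expected_tag, $tag)) {
            return substr($result, 26);
        } else {
            return '';
        }
    } else {
        return $keyc . base64_url_encode($result);
    }
}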
Exemplo n.º 21
/**
 * Decode a URL value and, when a key is available, pass it through str_rot_pass().
 *
 * The decoding step depends on the 'url_mode' setting: base64url when it is
 * truthy, rawurldecode() otherwise. Key selection: an explicit truthy $key
 * wins; otherwise the configured 'encryption_key' is used if truthy;
 * otherwise the decoded value is returned unchanged.
 *
 * NOTE(review): the result comes from a request-supplied value and
 * str_rot_pass() (defined elsewhere) is not shown to authenticate it; treat
 * the return value as untrusted input.
 *
 * @param string       $url Encoded value.
 * @param string|false $key Optional key overriding the configured one.
 *
 * @return mixed Decoded (and possibly transformed) value.
 */
function url_decrypt($url, $key = false)
{
    if (Config::get('url_mode')) {
        $decoded = base64_url_decode($url);
    } else {
        $decoded = rawurldecode($url);
    }
    if ($key) {
        return str_rot_pass($decoded, $key, true);
    }
    if (!Config::get('encryption_key')) {
        return $decoded;
    }
    return str_rot_pass($decoded, Config::get('encryption_key'), true);
}
Exemplo n.º 22
<!DOCTYPE html>
<!--[if IE 9 ]><html class="ie9"><![endif]-->
<?php 
// Site-relative prefix used for asset URLs in the template below.
$root = "/venues";
require_once realpath($_SERVER["DOCUMENT_ROOT"]) . "/venues/session.php";
// check_login() and $conn come from the included session file.
$uid = check_login($conn, 600, 'Biscuit');
// md5 for venues_search_people
$key = '371555a819ed7a48f8c117e4cf6832a3';
// 'people' arrives base64url-encoded in the query string. Decoding does not
// validate it: the result is still client-controlled and needs escaping or
// parameter binding wherever it is used later.
$people = isset($_GET['people']) ? base64_url_decode($_GET['people']) : null;
?>
<html>
<head>
	<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0" />
	<meta name="format-detection" content="telephone=no">
	<meta charset="UTF-8">
	
	<title>Αρχική Σελίδα</title>
		
	<!-- CSS -->
	<link href="<?php 
echo "{$root}/";
?>
css/bootstrap.min.css" rel="stylesheet">
	<link href="<?php 
echo "{$root}/";
?>
Exemplo n.º 23
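 /**
  * Weibo OAuth callback: binds a Weibo account to the logged-in user, logs in
  * an already bound user, or shows the "complete your profile" form.
  *
  * Without a `code` query parameter the request is redirected to the URL
  * built by get_redirect_url(). With a `code`, the user info is taken from the
  * session or fetched through oauth2_login(), and then:
  *  - logged-in user: the Weibo account is bound and the browser is sent to
  *    /account/setting/openid/;
  *  - anonymous user with an existing binding: the login cookie is set and the
  *    browser is redirected;
  *  - anonymous user without a binding: the registration template is rendered.
  *
  * NOTE(review): the `state` parameter is decoded here but never compared with
  * a value stored server-side, so it does not act as a CSRF token for the
  * OAuth flow. Consider issuing a random state, keeping it in the session and
  * rejecting callbacks whose state does not match.
  */
 public function bind_action()
 {
     // Initialised up front so the later reads are defined when the session
     // holds no pending Weibo user.
     $weibo_user_info = null;
     if (AWS_APP::session()->weibo_user) {
         $weibo_user_info = AWS_APP::session()->weibo_user;
         unset(AWS_APP::session()->weibo_user);
     }
     if (isset($_GET['error']) && $_GET['error'] == 'access_denied') {
         H::redirect_msg(AWS_APP::lang()->_t('授权失败'), '/account/login/');
     }
     if ($this->user_id) {
         $weibo_user = $this->model('openid_weibo_oauth')->get_weibo_user_by_uid($this->user_id);
         if ($weibo_user) {
             H::redirect_msg(AWS_APP::lang()->_t('此账号已绑定微博账号'), '/account/login/');
         }
     }
     $callback_url = '/account/openid/weibo/bind/';
     if (!empty($_GET['return_url'])) {
         // NOTE(review): the raw query value is appended to the callback path
         // without validation or encoding; confirm the OAuth model normalises it.
         $callback_url .= 'return_url-' . $_GET['return_url'];
     }
     if (!empty($_GET['code'])) {
         // isset() keeps this read quiet when no user info was cached in the session.
         $cached_code = isset($weibo_user_info['authorization_code']) ? $weibo_user_info['authorization_code'] : null;
         if ($_GET['code'] != $cached_code) {
             $this->model('openid_weibo_oauth')->authorization_code = $_GET['code'];
             $this->model('openid_weibo_oauth')->redirect_url = $callback_url;
             if (!$this->model('openid_weibo_oauth')->oauth2_login()) {
                 H::redirect_msg($this->model('openid_weibo_oauth')->error_msg, '/account/login/');
             }
             $weibo_user_info = $this->model('openid_weibo_oauth')->user_info;
         }
         if (!$weibo_user_info) {
             H::redirect_msg(AWS_APP::lang()->_t('微博登录失败,用户信息不存在'), '/account/login/');
         }
         $weibo_user = $this->model('openid_weibo_oauth')->get_weibo_user_by_id($weibo_user_info['id']);
         if ($this->user_id) {
             if ($weibo_user) {
                 H::redirect_msg(AWS_APP::lang()->_t('此微博账号已被绑定'), '/account/login/');
             }
             $this->model('openid_weibo_oauth')->bind_account($weibo_user_info, $this->user_id);
             // The integral "BIND_OPENID" entry is processed only when no earlier log exists.
             if (!$this->model('integral')->fetch_log($this->user_id, 'BIND_OPENID')) {
                 $this->model('integral')->process($this->user_id, 'BIND_OPENID', round(get_setting('integral_system_config_profile') * 0.2), '绑定 OPEN ID');
             }
             HTTP::redirect('/account/setting/openid/');
         } else {
             if ($weibo_user) {
                 $user = $this->model('account')->get_user_info_by_uid($weibo_user['uid']);
                 if (!$user) {
                     // Stale binding: the local account is gone, so drop the link.
                     $this->model('openid_weibo_oauth')->unbind_account($weibo_user['uid']);
                     H::redirect_msg(AWS_APP::lang()->_t('本地用户不存在'), '/account/login/');
                 }
                 $this->model('openid_weibo_oauth')->update_user_info($weibo_user['id'], $weibo_user_info);
                 if (get_setting('register_valid_type') == 'approval' and $user['group_id'] == 3) {
                     $redirect_url = '/account/valid_approval/';
                 } else {
                     // `state` arrives from the client. It used to be left undefined
                     // when the parameter was missing; it is now always an array, and
                     // a decode result of any other type is ignored.
                     // Assumes base64_url_decode() yields an array for values produced
                     // by base64_url_encode(array(...)) below - TODO confirm.
                     $state = array();
                     if (!empty($_GET['state'])) {
                         $decoded_state = base64_url_decode($_GET['state']);
                         if (is_array($decoded_state)) {
                             $state = $decoded_state;
                         }
                     }
                     $return_url = !empty($state['return_url']) ? $state['return_url'] : null;
                     // NOTE(review): $return_url is taken from client-supplied state and
                     // reaches HTTP::redirect() unchecked, which makes this an open
                     // redirect. Restrict it to same-site targets (an allow-list of hosts
                     // or local paths) before redirecting.
                     if (get_setting('ucenter_enabled') == 'Y') {
                         $redirect_url = '/account/sync_login/';
                         if ($return_url) {
                             $redirect_url .= 'url-' . base64_encode($return_url);
                         }
                     } else {
                         $redirect_url = $return_url ? $return_url : '/';
                     }
                     HTTP::set_cookie('_user_login', get_login_cookie_hash($user['user_name'], $user['password'], $user['salt'], $user['uid'], false));
                     if (get_setting('register_valid_type') == 'email' and !$user['valid_email']) {
                         AWS_APP::session()->valid_email = $user['email'];
                     }
                 }
                 HTTP::redirect($redirect_url);
             } else {
                 switch (get_setting('register_type')) {
                     case 'close':
                         H::redirect_msg(AWS_APP::lang()->_t('本站目前关闭注册'), '/account/login/');
                         break;
                     case 'invite':
                         H::redirect_msg(AWS_APP::lang()->_t('本站只能通过邀请注册'), '/account/login/');
                         break;
                     case 'weixin':
                         H::redirect_msg(AWS_APP::lang()->_t('本站只能通过微信注册'), '/account/login/');
                         break;
                 }
                 // Keep the Weibo profile in the session for the registration step.
                 AWS_APP::session()->weibo_user = $weibo_user_info;
                 $this->crumb(AWS_APP::lang()->_t('完善资料'), '/account/login/');
                 TPL::assign('register_url', 'account/ajax/weibo/register/');
                 $user_name = str_replace('-', '', AWS_APP::session()->weibo_user['screen_name']);
                 // Fall back to generated names until one passes all three checks.
                 while ($this->model('account')->check_username($user_name) || !$this->model('account')->is_valid_username($user_name) || $this->model('account')->check_username_sensitive_words($user_name)) {
                     $user_name = $this->model('account')->random_username();
                 }
                 TPL::assign('user_name', $user_name);
                 TPL::assign('sns_type', 'weibo');
                 TPL::import_css('css/register.css');
                 TPL::output('account/openid/callback');
             }
         }
     } else {
         // First leg of the flow: carry the caller's return_url inside `state`.
         $state = !empty($_GET['return_url']) ? base64_url_encode(array('return_url' => base64_decode($_GET['return_url']))) : null;
         HTTP::redirect($this->model('openid_weibo_oauth')->get_redirect_url('/account/openid/weibo/bind/', $state));
     }
 }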
Exemplo n.º 24
<?php

/**
 * Decode a URL-safe base64 string ('-' and '_' in place of '+' and '/').
 *
 * base64_decode() runs in its default non-strict mode here, so characters
 * outside the alphabet are skipped rather than rejected. The output is raw
 * bytes and must not be taken as validated input.
 *
 * @param string $input URL-safe base64 text.
 * @return string|false Decoded bytes, or whatever base64_decode() returns.
 */
function base64_url_decode($input)
{
    // Map the URL-safe alphabet back onto the standard one before decoding.
    $standard = strtr($input, array('-' => '+', '_' => '/'));

    return base64_decode($standard);
}
// Test driver: each line of tests.txt is split on single spaces into
// "name input expected"; empty lines and lines starting with '#' are skipped.
// A mismatch between the decoded input and the expected text is reported.
$lines = explode("\n", file_get_contents('tests.txt'));
foreach ($lines as $line) {
    if ($line && $line[0] != '#') {
        $fields = explode(' ', $line);
        list($name, $input, $output) = $fields;
        $decoded = base64_url_decode($input);
        if ($decoded === $output) {
            continue;
        }
        echo 'php: ' . $name . ' failed. ' . $decoded . ' != ' . $output . "\n";
    }
}